Thanks, maxi. Here are the logs you asked for. About Microsoft Safety Scanner, it only says that I have one infected file, and when I ask to see the detailed scan results it only says, without giving a filename or filepath:
Logiciels malveillants: Trojan:Win32/Bumat!rts
Résultats de l'analyse: Partiellement supprimé
I may add that in the result above, "Trojan:Win32/Bumat!rts" is a clickable word with a hyperlink that leads to
http://www.microsoft.com/security/porta ... fBumat!rts
OTL logfile created on: 2011-10-27 12:44:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\client\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
1014,08 Mb Total Physical Memory | 529,94 Mb Available Physical Memory | 52,26% Memory free
1,65 Gb Paging File | 1,28 Gb Available in Paging File | 77,51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 90,76 Gb Total Space | 53,33 Gb Free Space | 58,77% Space Free | Partition Type: NTFS
Computer Name: CLIEN | User Name: client | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\client\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\D\S\zi\stacsv.exe (IDT, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\11102700\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11102700\aswRep.dll ()
MOD - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Fabs) -- C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (STacSV) -- c:\D\S\zi\stacsv.exe (IDT, Inc.)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (iaStor8) -- C:\WINDOWS\system32\drivers\iastor8.sys (Intel Corporation)
DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (AMD Technologies Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (vmscsi) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (iaStor7) -- C:\WINDOWS\system32\drivers\iastor7.sys (Intel Corporation)
DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (m5288) -- C:\WINDOWS\system32\DRIVERS\m5288.sys (ULi Electronics Inc.)
DRV - (iaStor5) -- C:\WINDOWS\system32\drivers\iastor5.sys (Intel Corporation)
DRV - (m5287) -- C:\WINDOWS\system32\DRIVERS\m5287.sys (ULi Electronics Inc.)
DRV - (m5289) -- C:\WINDOWS\system32\DRIVERS\m5289.sys (ULi Electronics Inc.)
DRV - (SiSRaid) -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys (Silicon Integrated Systems)
DRV - (m5281) -- C:\WINDOWS\system32\DRIVERS\m5281.sys (ALi Corporation)
DRV - (m5228) -- C:\WINDOWS\system32\DRIVERS\m5228.sys (ALi Corporation.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3897032687-2156569484-1011630684-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.gc.ca/city/pag ... ric_f.html
IE - HKU\S-1-5-21-3897032687-2156569484-1011630684-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3897032687-2156569484-1011630684-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2004-08-05 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MozyHome Etat.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3897032687-2156569484-1011630684-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 9787720946 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2466217578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.201.245.77 24.200.241.37 24.200.243.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F5F9F19-96CC-429F-861B-B0BB971BE460}: DhcpNameServer = 24.201.245.77 24.200.241.37 24.200.243.189
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-15 12:14:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aeb58df9-bebe-11e0-bb5b-001676a14cbe}\Shell - "" = AutoRun
O33 - MountPoints2\{aeb58df9-bebe-11e0-bb5b-001676a14cbe}\Shell\AutoRun\command - "" = E:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-10-27 12:38:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\client\Bureau\OTL.exe
[2011-10-25 08:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Chrome
[2011-10-24 12:16:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\client\Menu Démarrer\Programmes\Outils d'administration
[2011-10-24 12:16:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\client\Mes documents\Mes vidéos
[2011-10-24 12:16:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\client\Mes documents\Mes images
[2011-10-24 12:16:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\client\Mes documents\Ma musique
[2011-10-24 12:11:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\client\Bureau\dds.scr
[2011-10-24 11:42:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\client\Recent
[2011-10-24 11:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\client\Menu Démarrer\Programmes\HiJackThis
[2011-10-24 11:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-10-22 14:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\client\DoctorWeb
[2011-10-22 10:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2011-10-22 10:52:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-10-22 10:52:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-10-22 10:52:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-10-22 09:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\client\Application Data\Malwarebytes
[2011-10-22 09:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011-10-22 09:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-10-22 09:59:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-10-22 09:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-10-22 02:41:13 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011-10-22 02:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\avast! Free Antivirus
[2011-10-22 02:41:12 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011-10-22 02:41:10 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011-10-22 02:41:09 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011-10-22 02:41:09 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011-10-22 02:41:08 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011-10-22 02:41:08 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011-10-22 02:41:08 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011-10-22 02:40:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-10-22 02:40:48 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011-10-22 02:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-10-22 02:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011-10-27 12:47:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1DA70E43-7BEC-4BBD-A96C-EC98C3A02EAC}.job
[2011-10-27 12:38:51 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\client\Bureau\ztlw0wzh.exe
[2011-10-27 12:38:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\client\Bureau\OTL.exe
[2011-10-27 12:34:47 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2011-10-27 12:06:01 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-10-27 11:35:53 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-10-27 11:35:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-10-27 06:17:59 | 000,069,638 | ---- | M] () -- C:\Documents and Settings\client\Mes documents\Another Description of the Geodemocracy.mht
[2011-10-26 09:09:50 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-10-25 20:24:04 | 000,122,089 | ---- | M] () -- C:\Documents and Settings\client\Mes documents\Unpleasantness.pdf
[2011-10-25 08:31:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2011-10-24 14:39:59 | 000,009,390 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011-10-24 14:39:59 | 000,004,632 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011-10-24 12:37:12 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\client\Bureau\HiJackThis.lnk
[2011-10-24 12:11:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\client\Bureau\dds.scr
[2011-10-23 18:13:22 | 000,452,813 | ---- | M] () -- C:\Documents and Settings\client\Mes documents\Journal of Consciousness Studies -Pain 111023.mht
[2011-10-22 14:05:58 | 079,451,872 | ---- | M] () -- C:\Documents and Settings\client\Bureau\cureit-201110222232.exe
[2011-10-22 11:10:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2011-10-22 11:09:55 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook (2).lnk
[2011-10-22 11:09:45 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\client\Bureau\Microsoft Outlook (2).lnk
[2011-10-22 09:59:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011-10-22 02:41:13 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2011-10-22 02:41:09 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-10-22 02:12:18 | 000,649,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-10-21 23:05:15 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011-10-18 09:59:39 | 001,213,710 | ---- | M] () -- C:\Documents and Settings\client\Mes documents\Why did Wikipedia succeed while other encyclopedias failed111020.mht
[2011-10-17 17:31:48 | 000,214,016 | ---- | M] () -- C:\Documents and Settings\client\Application Data\SharedSettings.ccs
[2011-10-17 17:31:23 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\client\Bureau\CoffeeCup Free FTP.lnk
[2011-10-17 17:28:45 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2011-10-12 09:37:06 | 000,566,214 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011-10-12 09:37:06 | 000,493,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-10-12 09:37:06 | 000,100,670 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011-10-12 09:37:06 | 000,084,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-10-11 18:30:48 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MozyHome Etat.lnk
[2011-10-11 17:07:08 | 000,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-05 09:36:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci (2) vers Connexion au réseau local.lnk
[2011-10-03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-10-03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-10-03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-10-03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011-10-03 04:34:10 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011-10-03 02:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011-09-28 19:57:13 | 000,000,030 | ---- | M] () -- C:\WINDOWS\rcwin.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-10-27 12:38:50 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\client\Bureau\ztlw0wzh.exe
[2011-10-27 06:17:58 | 000,069,638 | ---- | C] () -- C:\Documents and Settings\client\Mes documents\Another Description of the Geodemocracy.mht
[2011-10-25 20:24:04 | 000,122,089 | ---- | C] () -- C:\Documents and Settings\client\Mes documents\Unpleasantness.pdf
[2011-10-25 08:31:24 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2011-10-24 11:19:59 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\client\Bureau\HiJackThis.lnk
[2011-10-23 18:13:21 | 000,452,813 | ---- | C] () -- C:\Documents and Settings\client\Mes documents\Journal of Consciousness Studies -Pain 111023.mht
[2011-10-22 14:05:51 | 079,451,872 | ---- | C] () -- C:\Documents and Settings\client\Bureau\cureit-201110222232.exe
[2011-10-22 11:10:28 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2011-10-22 11:09:55 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook (2).lnk
[2011-10-22 11:09:45 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\client\Bureau\Microsoft Outlook (2).lnk
[2011-10-22 09:59:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011-10-22 02:41:13 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2011-10-22 02:12:11 | 000,649,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011-10-18 09:59:36 | 001,213,710 | ---- | C] () -- C:\Documents and Settings\client\Mes documents\Why did Wikipedia succeed while other encyclopedias failed111020.mht
[2011-10-05 09:36:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci (2) vers Connexion au réseau local.lnk
[2011-10-02 13:55:18 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\client\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2011-09-21 18:05:57 | 000,005,729 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011-09-18 18:09:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011-09-13 21:10:47 | 000,214,016 | ---- | C] () -- C:\Documents and Settings\client\Application Data\SharedSettings.ccs
[2011-08-09 22:36:55 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011-08-03 22:01:56 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-08-03 18:16:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\rcwin.ini
[2010-11-02 14:21:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009-12-21 10:50:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009-09-15 15:22:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009-09-15 14:22:30 | 000,000,555 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009-09-15 12:16:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-09-15 12:13:03 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-09-15 08:08:51 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-09-15 08:08:23 | 000,160,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-04-27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2004-08-05 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-05 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-05 08:00:00 | 000,566,214 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004-08-05 08:00:00 | 000,493,950 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-05 08:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004-08-05 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-05 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-05 08:00:00 | 000,100,670 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004-08-05 08:00:00 | 000,084,494 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-05 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-05 08:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004-08-05 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-05 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-05 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-05 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-05 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 2011-10-27 12:44:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\client\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
1014,08 Mb Total Physical Memory | 529,94 Mb Available Physical Memory | 52,26% Memory free
1,65 Gb Paging File | 1,28 Gb Available in Paging File | 77,51% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 90,76 Gb Total Space | 53,33 Gb Free Space | 58,77% Space Free | Partition Type: NTFS
Computer Name: CLIEN | User Name: client | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Gestion à distance de Windows
"80:TCP" = 80:TCP:*:Disabled:Gestion à distance de Windows - Mode de compatibilité (HTTP-Entrée)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Configuration du périphérique HP -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Communicateur réseau HP -- (Hewlett-Packard Co.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{043F86B7-EE12-3399-B2CA-D0B603D87963}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}" = CoffeeCup Free FTP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Français
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BD88845C-00DF-43F2-97D1-E71C408FB5CC}" = Logiciel de base du périphérique HP Deskjet 3050 J610 series
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Sauvegarde des Dossiers personnels Microsoft Outlook
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F02102-C0FD-D252-FA0F-45936D3B66B4}" = MozyHome
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Aide
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"MAGIX Photo Clinic 4.5 US" = MAGIX Photo Clinic 4.5 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"PROSet" = Intel(R) Network Connections Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2011-08-31 10:17:37 | Computer Name = CLIEN | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant shlwapi.dll, version 6.0.2900.5912, adresse de défaillance 0x00006fc4.
Error - 2011-09-06 19:53:26 | Computer Name = CLIEN | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 10.1.0.534, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 2011-09-18 18:33:37 | Computer Name = CLIEN | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module
défaillant mshtml.dll, version 8.0.6001.19120, adresse de défaillance 0x000de3dd.
Error - 2011-09-21 17:49:07 | Computer Name = CLIEN | Source = MsiInstaller | ID = 11931
Description = Produkt: MSXML 6.0 Parser -- Fehler 1931. Der Windows Installer-Dienst
kann die Systemdatei C:\WINDOWS\system32\msxml6r.dll nicht aktualisieren, weil
die Datei von Windows geschützt wird. Sie müssen möglicherweise das Betriebssystem
aktualisieren, damit dieses Programm korrekt funktionieren kann. Paketversion:
6.0.3883.0, vom System geschützte Version: 6.0.3883.0
Error - 2011-09-22 10:27:07 | Computer Name = CLIEN | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{e61350db-be08-11e0-bb52-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
Error - 2011-09-23 10:07:47 | Computer Name = CLIEN | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{e61350db-be08-11e0-bb52-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
Error - 2011-09-25 09:12:56 | Computer Name = CLIEN | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{e61350db-be08-11e0-bb52-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
Error - 2011-09-26 12:20:26 | Computer Name = CLIEN | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{e61350db-be08-11e0-bb52-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
Error - 2011-09-27 06:50:32 | Computer Name = CLIEN | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{e61350db-be08-11e0-bb52-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
Error - 2011-09-27 22:17:58 | Computer Name = CLIEN | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{e61350db-be08-11e0-bb52-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.
[ System Events ]
Error - 2011-10-22 14:11:55 | Computer Name = CLIEN | Source = Service Control Manager | ID = 7001
Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a
pas pu démarrer en raison de l'erreur : %%31
Error - 2011-10-22 14:11:55 | Computer Name = CLIEN | Source = Service Control Manager | ID = 7001
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31
Error - 2011-10-22 14:11:55 | Computer Name = CLIEN | Source = Service Control Manager | ID = 7001
Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a
pas pu démarrer en raison de l'erreur : %%31
Error - 2011-10-22 14:11:55 | Computer Name = CLIEN | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31
Error - 2011-10-22 14:11:55 | Computer Name = CLIEN | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Aavmker4 AFD aswRdr aswSnx aswSP aswTdi BANTExt Fips intelppm IPSec mozyFilter MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
Error - 2011-10-22 14:12:04 | Computer Name = CLIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2011-10-22 14:13:09 | Computer Name = CLIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2011-10-22 14:13:22 | Computer Name = CLIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 2011-10-22 14:13:37 | Computer Name = CLIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2011-10-22 15:17:07 | Computer Name = CLIEN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-27 14:06:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600JS-75NCB3 rev.10.02E04
Running: ztlw0wzh.exe; Driver: C:\DOCUME~1\client\LOCALS~1\Temp\axtdqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAA357374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA3BE2B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAA37B829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAA359996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAA3599EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAA359B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA37B1DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAA3598EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAA359A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAA359940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAA359AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAA357398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAA37BEEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAA37C1A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAA359D88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA37BD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA37BBC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAA3BE368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAA357162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAA3573BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAA359EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAA357E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAA3599C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAA359A16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAA359B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAA37B539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAA359918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAA359BC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAA359A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAA35996E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAA359CA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAA359ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAA3BE400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAA37BA40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAA357D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAA37B892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA3C66E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAA37A850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAA3573E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAA357404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAA3571BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAA3572F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAA37BFF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAA3572D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAA35731C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAA357428]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA3D39A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000051 halaacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----