
Infected with Spyware Protection



#1
Kashink

Hi,

Got infected with Spyware yesterday, impossible to boot in safe mode and run mbam or any other program. After reading other posts, I figured these reports were needed. I am attaching the first report, then will enter second and third post with Rogue 2 and OTL.

RogueKiller V4.3.5 par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-to...-Remontees.html

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Geneviève [Droits d'admin]
Mode: Recherche -- Date : 31/03/2011 11:15:00

Processus malicieux: 1
[APPDT/TMP/DESKTOP] defender.exe -- c:\documents and settings\geneviève\application data\defender.exe -> KILLED

Entrees de registre: 6
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : Spyware Protection (C:\Documents and Settings\Geneviève\Application Data\defender.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-329068152-764733703-1417001333-1004[...]\Run : Spyware Protection (C:\Documents and Settings\Geneviève\Application Data\defender.exe) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe" -a "%1" %*) -> FOUND

Fichier HOSTS:
127.0.0.1 localhost
10.1.2.3 config.messenger.msn.com


Termine : << RKreport[1].txt >>
RKreport[1].txt


#2
Kashink

Here is Rogue 2:

RogueKiller V4.3.5 par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-to...-Remontees.html

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Geneviève [Droits d'admin]
Mode: Suppression -- Date : 31/03/2011 11:21:37

Processus malicieux: 1
[APPDT/TMP/DESKTOP] jaa.exe -- c:\documents and settings\geneviève\local settings\application data\jaa.exe -> KILLED

Entrees de registre: 3
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : Spyware Protection (C:\Documents and Settings\Geneviève\Application Data\defender.exe) -> DELETED
[FILE ASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe" -a "%1" %*) -> REPLACED : ("%1" %*)
[FILE ASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe" -a "%1" %*) -> REPLACED : ("%1" %*)

Fichier HOSTS:
127.0.0.1 localhost
10.1.2.3 config.messenger.msn.com


Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#3
Kashink

And now OTL (OTL Extras will follow):

OTL logfile created on: 31-03-11 11:26:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Geneviève\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: dd-MM-yy

1 023,00 Mb Total Physical Memory | 607,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 392,63 Gb Free Space | 84,30% Space Free | Partition Type: NTFS
Drive E: | 1,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GR | User Name: Geneviève | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-03-31 11:03:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Geneviève\Bureau\OTL.exe
PRC - [2011-02-18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-11-04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010-11-04 18:15:32 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-02-06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2005-12-12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2011-03-31 11:03:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Geneviève\Bureau\OTL.exe
MOD - [2010-08-23 12:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007-02-06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011-02-18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-11-04 18:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-11-04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009-02-19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007-02-06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007-02-06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006-10-26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-12-12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2004-10-22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-08-03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-11-03 17:04:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009-02-25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-12-18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008-12-18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008-12-18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007-08-06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007-02-06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007-02-06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007-02-06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007-02-03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-02-03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2007-01-23 16:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007-01-23 16:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007-01-19 18:54:56 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2006-07-06 22:35:59 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2006-06-30 21:16:58 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2006-06-30 21:06:29 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006-06-30 21:04:45 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005-10-22 01:25:49 | 000,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\litsgt.sys -- (litsgt)
DRV - [2005-10-22 01:25:48 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tansgt.sys -- (tansgt)
DRV - [2004-11-29 14:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004-02-14 12:09:20 | 000,244,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2003-10-27 11:52:47 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2003-03-04 05:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003-03-04 05:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003-03-04 05:50:00 | 000,037,804 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003-03-04 05:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002-09-20 16:19:58 | 000,163,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVVIMULB.SYS -- (PID_0960_V) Logitech ClickSmart 420(PID_0960_V)
DRV - [2002-09-20 16:15:44 | 000,010,382 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBULK.sys -- (LVBulk)
DRV - [2002-03-29 02:48:46 | 000,024,555 | ---- | M] (NETGEAR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA101ND5.SYS -- (FA101)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.webshots.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/defaultf.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sympatico....webshots.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-26 08:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-26 08:55:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-12-29 17:22:34 | 000,000,000 | ---D | M]

[2009-12-17 09:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Geneviève\Application Data\Mozilla\Extensions
[2011-03-27 11:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Geneviève\Application Data\Mozilla\Firefox\Profiles\mpx7rjhb.default\extensions
[2011-03-06 15:01:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Geneviève\Application Data\Mozilla\Firefox\Profiles\mpx7rjhb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-03-26 08:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-12-31 10:02:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2008-12-19 09:32:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-03-26 08:54:53 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011-03-26 08:54:58 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011-03-26 08:54:58 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011-03-26 08:54:58 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011-03-26 08:54:58 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011-03-26 08:54:58 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011-03-26 08:54:58 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006-05-23 08:54:35 | 000,000,828 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.1.2.3 config.messenger.msn.com
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search\DesktopSearchBand201013011.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search\DesktopSearchBand201013011.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Copernic Desktop Search 2] C:\Program Files\Copernic Desktop Search\DesktopSearchService.exe (Copernic Technologies Inc.)
O4 - HKCU..\Run: [GRC V2 Hyperappel] C:\Program Files\Le Robert\Le Grand Robert & Collins\GRCHA.exe (Dictionnaire Le Robert)
O4 - HKCU..\Run: [Le Petit Robert V3 Hyperappel] C:\Program Files\Le Robert\Le Petit Robert 2010\RobertHA.exe (Dictionnaire Le Robert)
O4 - HKCU..\Run: [rcwinHyper] File not found
O4 - HKCU..\Run: [WebCamRT.exe] File not found
O4 - HKCU..\Run: [ZapNotes] C:\Program Files\ZapNotes\zapNotesfr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bank-banque-canada.ca ([Applications4.bocad] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (dnlplayer Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} http://www.arcadetow...s/r64loader.cab (CR64Loader Object)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...MineSweeper.cab (Minesweeper Flags Class)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://www.arcadetow...nx.1.0.0.55.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://www.pestscan....r/axscanner.cab (PPSDKActiveXScanner.MainScreen)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0309.cab (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://www.reflexive...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} http://www.webshots....SDownloader.ocx (WSDownloader Control)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} http://www.pestscan....er/ppctlcab.cab (CScanner Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.arcadetow...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...StatsClient.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7918.6696296296 (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game16.zylomg...gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} http://game19.zylomg...zylomloader.cab (Zylom Loader Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip....tgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - File not found
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Geneviève\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Geneviève\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-10-24 18:45:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f9569194-fe8a-11dd-847f-000c763f0a18}\Shell - "" = AutoRun
O33 - MountPoints2\{f9569194-fe8a-11dd-847f-000c763f0a18}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011-03-31 11:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Geneviève\Bureau\RK_Quarantine
[2011-03-31 11:13:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Geneviève\Bureau\OTL.exe
[2011-03-31 02:22:04 | 001,008,128 | ---- | C] (Defender Software) -- C:\Documents and Settings\Geneviève\Application Data\defender.exe
[2011-03-26 22:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
[2011-03-26 22:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-03-26 22:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-03-26 19:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011-03-16 09:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Geneviève\Menu Démarrer\Programmes\Microsoft Office
[2011-03-13 17:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011-03-07 08:51:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Geneviève\Mes documents\Téléchargements
[2011-03-06 11:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office
[2011-03-06 11:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011-03-06 11:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\Microsoft Help
[2011-03-06 11:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 2007
[2011-03-06 11:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011-03-06 11:10:36 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011-03-04 16:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Geneviève\Application Data\AVS4YOU
[2011-03-04 13:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011-03-04 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia
[2011-03-04 13:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011-03-03 17:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Geneviève\Application Data\Apple Computer
[2011-03-03 17:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-03-03 17:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-03-03 17:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\Apple
[2011-03-03 17:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-03-03 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-03-03 17:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2011-03-03 17:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011-03-03 17:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\Apple Computer
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-03-31 11:25:26 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9C2CDC8-43ED-4FB9-BE7A-C4DBE5C55888}.job
[2011-03-31 11:17:54 | 000,013,056 | -HS- | M] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\q8d0koh7sty104n886j5381r151ce1n85cl3o47
[2011-03-31 11:17:54 | 000,013,056 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q8d0koh7sty104n886j5381r151ce1n85cl3o47
[2011-03-31 11:10:28 | 001,042,944 | ---- | M] () -- C:\Documents and Settings\Geneviève\Bureau\RogueKiller.exe
[2011-03-31 11:07:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-31 11:06:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-31 11:06:39 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-31 11:03:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Geneviève\Bureau\OTL.exe
[2011-03-31 02:22:04 | 001,008,128 | ---- | M] (Defender Software) -- C:\Documents and Settings\Geneviève\Application Data\defender.exe
[2011-03-30 19:05:25 | 000,331,776 | -HS- | M] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\tsj.exe
[2011-03-30 19:05:25 | 000,331,776 | -HS- | M] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe
[2011-03-29 22:33:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Geneviève\Application Data\4.ini
[2011-03-26 19:23:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-03-20 15:32:13 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-17 08:04:58 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-13 08:42:53 | 000,513,178 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011-03-13 08:42:53 | 000,444,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-13 08:42:53 | 000,364,414 | ---- | M] () -- C:\WINDOWS\System32\perfh040.dat
[2011-03-13 08:42:53 | 000,085,502 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011-03-13 08:42:53 | 000,072,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-13 08:42:52 | 000,046,772 | ---- | M] () -- C:\WINDOWS\System32\perfc040.dat
[2011-03-09 15:01:54 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-07 10:44:14 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Geneviève\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011-03-04 16:58:07 | 000,000,578 | ---- | M] () -- C:\WINDOWS\M3JPEG.INI
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-03-31 11:13:46 | 001,042,944 | ---- | C] () -- C:\Documents and Settings\Geneviève\Bureau\RogueKiller.exe
[2011-03-30 19:05:27 | 000,013,056 | -HS- | C] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\q8d0koh7sty104n886j5381r151ce1n85cl3o47
[2011-03-30 19:05:27 | 000,013,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q8d0koh7sty104n886j5381r151ce1n85cl3o47
[2011-03-30 19:05:25 | 000,331,776 | -HS- | C] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe
[2011-03-30 19:05:24 | 000,331,776 | -HS- | C] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\tsj.exe
[2011-03-29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Geneviève\Application Data\4.ini
[2011-03-26 08:55:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011-03-06 12:17:05 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Geneviève\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011-03-03 17:50:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-12-31 10:05:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-02-02 18:58:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009-12-25 13:00:32 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Antidote7.ini
[2009-10-27 16:47:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009-10-08 08:29:49 | 000,000,341 | ---- | C] () -- C:\WINDOWS\svupd.exe
[2009-09-12 17:42:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009-08-14 11:26:47 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009-08-14 11:26:47 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009-08-14 11:26:45 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2009-06-14 15:49:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009-05-17 17:22:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009-04-01 14:52:56 | 001,019,872 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2009-03-25 16:07:30 | 000,233,552 | ---- | C] () -- C:\WINDOWS\System32\DMLEng.dll
[2009-03-20 11:11:06 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-20 11:10:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-03-20 11:10:44 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-03-12 14:50:11 | 000,000,148 | -H-- | C] () -- C:\WINDOWS\System32\WN125047.bin
[2009-01-21 02:20:21 | 000,000,148 | -H-- | C] () -- C:\WINDOWS\AC841540.bin
[2008-02-04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008-01-14 18:42:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2007-12-31 10:53:16 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007-11-25 19:43:57 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007-11-01 23:39:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007-11-01 23:39:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007-11-01 23:39:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007-07-21 17:18:31 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-07-21 17:18:31 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-02-06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007-02-06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007-01-28 16:53:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-01-24 19:22:46 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2007-01-24 19:21:51 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2006-12-01 19:34:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006-11-23 13:27:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006-11-22 12:37:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-09-02 01:03:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006-07-06 22:35:59 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2006-06-30 21:16:58 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006-06-30 21:16:58 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006-06-30 21:04:45 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd2621.sys
[2006-06-03 16:55:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005-10-22 01:25:49 | 000,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2005-10-22 01:25:48 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2005-10-14 19:43:32 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2005-09-01 12:44:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005-09-01 12:43:47 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2005-09-01 12:43:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2005-01-25 20:59:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004-09-22 09:30:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-06 16:04:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004-08-06 16:04:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2004-04-22 19:04:02 | 000,000,234 | ---- | C] () -- C:\WINDOWS\pcdform_icc.ini
[2004-04-16 11:31:28 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004-04-16 11:31:16 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2004-04-16 11:31:11 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004-03-27 11:52:43 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2004-03-27 11:52:38 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004-03-27 05:51:07 | 000,000,578 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2004-03-27 00:01:48 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2004-03-26 23:13:29 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2004-03-26 23:12:42 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\liplW7.dll
[2004-03-26 23:12:42 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\liplA6.dll
[2004-03-26 23:12:42 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplPX.dll
[2004-03-26 23:12:42 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplP6.dll
[2004-03-26 23:12:42 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\liplM6.dll
[2004-03-26 23:12:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lipl.dll
[2004-03-21 14:07:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004-03-20 16:08:10 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004-03-20 16:08:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004-03-20 16:08:06 | 001,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2004-03-20 16:08:06 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004-03-20 16:08:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004-03-20 16:08:05 | 000,258,048 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2004-03-20 16:08:05 | 000,212,992 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2004-03-20 16:08:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004-03-15 20:05:18 | 000,003,580 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2004-02-29 13:28:00 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004-02-17 12:26:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\Belt.ini
[2004-02-05 15:04:05 | 000,364,414 | ---- | C] () -- C:\WINDOWS\System32\perfh040.dat
[2004-02-05 15:04:05 | 000,046,772 | ---- | C] () -- C:\WINDOWS\System32\perfc040.dat
[2004-02-03 14:52:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003-12-11 15:36:14 | 000,000,218 | ---- | C] () -- C:\WINDOWS\Antidote.ini
[2003-12-04 13:44:33 | 000,000,009 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2003-12-04 13:44:33 | 000,000,009 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2003-12-04 13:43:00 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2003-12-04 13:33:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\evypaths.bin
[2003-11-20 12:08:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Geneviève\Local Settings\Application Data\fusioncache.dat
[2003-11-10 12:29:17 | 000,000,702 | ---- | C] () -- C:\WINDOWS\WTAPI.INI
[2003-11-10 12:29:17 | 000,000,242 | ---- | C] () -- C:\WINDOWS\XREF.INI
[2003-11-10 12:29:17 | 000,000,153 | ---- | C] () -- C:\WINDOWS\crfewin.ini
[2003-11-10 12:29:17 | 000,000,128 | ---- | C] () -- C:\WINDOWS\crefwin.ini
[2003-11-10 11:20:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003-11-08 12:13:21 | 000,109,967 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2003-11-07 19:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2003-11-07 19:19:09 | 000,706,459 | ---- | C] () -- C:\WINDOWS\cd32.exe
[2003-11-07 14:23:31 | 000,035,188 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003-11-07 14:22:50 | 000,009,553 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003-11-07 12:21:25 | 000,106,047 | ---- | C] () -- C:\WINDOWS\System32\NWNETAPI.DLL
[2003-11-07 12:21:25 | 000,035,308 | ---- | C] () -- C:\WINDOWS\System32\NWIPXSPX.DLL
[2003-11-07 12:07:50 | 000,000,278 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2003-11-07 11:38:49 | 000,002,376 | ---- | C] () -- C:\WINDOWS\Dtla.ini
[2003-11-07 11:38:48 | 000,001,027 | ---- | C] () -- C:\WINDOWS\Dtgr.ini
[2003-11-07 11:38:47 | 000,001,792 | ---- | C] () -- C:\WINDOWS\Dtcsg.ini
[2003-11-07 11:38:47 | 000,000,319 | ---- | C] () -- C:\WINDOWS\Dtsearch.ini
[2003-11-07 10:08:18 | 000,000,861 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-10-27 11:52:47 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2003-10-24 19:02:38 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003-10-24 18:47:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003-10-24 18:42:57 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003-10-24 13:36:43 | 000,004,394 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003-10-24 13:35:15 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003-04-24 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003-04-24 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003-04-24 08:00:00 | 000,513,178 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2003-04-24 08:00:00 | 000,444,126 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003-04-24 08:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2003-04-24 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003-04-24 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003-04-24 08:00:00 | 000,085,502 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2003-04-24 08:00:00 | 000,072,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003-04-24 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003-04-24 08:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2003-04-24 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003-04-24 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003-04-24 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003-04-24 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003-01-21 02:20:21 | 000,000,140 | -H-- | C] () -- C:\WINDOWS\AJ820503.bin
[2003-01-21 02:20:21 | 000,000,084 | -H-- | C] () -- C:\WINDOWS\AK001435.bin
[1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-09-18 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997-09-18 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997-09-18 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009-08-30 15:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010-05-28 14:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2010-01-25 10:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2011-02-06 18:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2010-12-29 17:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011-01-22 17:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2011-01-13 18:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011-02-06 15:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gogii
[2010-08-29 10:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Le Robert
[2010-02-11 17:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010-08-11 17:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010-10-03 16:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010-03-14 12:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2005-02-17 18:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010-05-21 11:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011-02-12 16:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2007-08-11 15:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010-08-20 11:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2011-02-06 12:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004-03-02 17:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007-12-22 13:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007-07-18 15:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011-03-03 17:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-10-03 16:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\A Gypsy's Tale - La Tour des Secrets
[2010-10-31 15:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Aerohills
[2010-06-05 10:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Alawar Entertainment
[2011-01-24 14:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Artifex Mundi
[2011-03-30 19:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Azureus
[2010-05-28 14:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Bell
[2010-09-15 16:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Big Fish Games
[2011-02-01 18:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Boolat Games
[2010-08-19 15:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Boomzap
[2003-11-08 12:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Copernic
[2010-12-26 17:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Coyotes Tale
[2006-04-29 22:16:49 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Geneviève\Application Data\CrystalSpace
[2010-06-08 16:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\DarkParablesBriarRose_BFG
[2006-12-11 18:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Druide
[2011-02-06 18:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Elephant Games
[2009-10-10 09:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Enki Games
[2010-10-16 15:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Enlightenus2SE_BFG
[2010-08-28 14:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\ERS G-Studio
[2011-01-15 18:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\ERS Game Studios
[2010-11-18 18:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Flood Light Games
[2010-12-19 16:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Floodlight Games
[2010-12-24 11:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Freeze Tag
[2010-12-25 14:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Frogwares
[2010-06-21 15:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Fugazo
[2011-01-10 18:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\GameHouse
[2010-11-09 16:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Games
[2011-01-30 12:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Ghost Ship Studios
[2011-02-06 15:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\gogii
[2010-06-06 13:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Green Clover Games
[2010-10-27 14:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\HdO Adventure
[2010-02-03 10:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\ICAClient
[2010-08-06 12:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Immortal Lovers
[2009-09-25 10:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\IronCode
[2010-11-16 18:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\KranX Productions
[2010-01-31 08:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\LegacyInteractive
[2011-01-14 17:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\MA2
[2010-03-26 19:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Magic Academy 2
[2010-03-28 12:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\MastersOfMystery2
[2010-03-14 18:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Merscom
[2011-01-16 15:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Mystery of Mortlake Mansion
[2011-01-04 18:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Odian Games
[2008-09-29 10:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\OfficeUpdate12
[2010-09-20 10:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Orneon
[2009-10-11 12:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Ph03nixNewMedia
[2010-10-03 16:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\PlayFirst
[2010-12-15 11:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\PlayPond
[2010-03-14 12:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\PoBros
[2010-06-01 16:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\QB9
[2010-12-18 15:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\quickclick
[2006-04-20 09:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Raptisoft
[2005-10-31 17:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Retro64 Computer Games
[2011-02-12 16:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\ScreenSeven
[2010-09-07 14:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\SevenSails
[2004-12-16 10:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Shockwave Player
[2010-11-02 16:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Specialbit
[2009-10-30 16:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\SpinTop Games
[2010-08-20 11:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\SulusGames
[2010-10-29 15:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\ThreeDays2
[2010-10-13 17:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\TikisLab
[2010-10-23 16:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\TOMI2.THE GATES OF FATE
[2010-08-22 13:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Top Evidence
[2011-02-16 17:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Total Eclipse
[2009-10-27 16:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Twintale Entertainment
[2009-11-09 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\V-Games
[2010-01-01 14:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Valusoft
[2009-10-08 11:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\VampireSaga
[2010-09-05 13:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Vast Studios
[2010-10-10 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Vogat Interactive
[2005-08-16 11:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Webshots
[2011-02-12 10:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\World-LooM
[2006-05-06 15:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Zylom
[2010-06-25 09:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Geneviève\Application Data\Zylomv1001
[2011-03-31 11:25:26 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9C2CDC8-43ED-4FB9-BE7A-C4DBE5C55888}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2004-08-19 19:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007-06-13 09:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007-06-13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004-08-19 19:10:03 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=2979B03D5382A602623C0535B16AB9C0 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008-04-13 22:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-13 22:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
[2008-04-13 22:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004-08-19 19:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
[2008-04-13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-19 19:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
[2008-04-13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========


< End of report >

#4
Kashink

OTL Extras:

OTL Extras logfile created on: 31-03-11 11:26:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Geneviève\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: dd-MM-yy

1 023,00 Mb Total Physical Memory | 607,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 392,63 Gb Free Space | 84,30% Space Free | Partition Type: NTFS
Drive E: | 1,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GR | User Name: Geneviève | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe:*:Enabled:mbamservice.exe -- (Malwarebytes Corporation)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client
"C:\Documents and Settings\Geneviève\Local Settings\Temp\7zSE3E.tmp\SymNRT.exe" = C:\Documents and Settings\Geneviève\Local Settings\Temp\7zSE3E.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\OpenVPN\bin\openvpn.exe" = C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn
"C:\Program Files\Le Robert\Le Petit Robert 2010\RobertHA.exe" = C:\Program Files\Le Robert\Le Petit Robert 2010\RobertHA.exe:*:Enabled:Le Petit Robert Hyperappel -- (Dictionnaire Le Robert)
"C:\Program Files\Le Robert\Le Grand Robert & Collins\GRCHA.exe" = C:\Program Files\Le Robert\Le Grand Robert & Collins\GRCHA.exe:*:Enabled:Le Grand Robert & Collins Hyperappel -- (Dictionnaire Le Robert)
"C:\Program Files\Le Robert\Le Grand Robert & Collins\GRC2009.exe" = C:\Program Files\Le Robert\Le Grand Robert & Collins\GRC2009.exe:*:Enabled:Le Grand Robert & Collins -- (Le Robert)
"C:\Program Files\Le Robert\Le Petit Robert 2010\prnet.exe" = C:\Program Files\Le Robert\Le Petit Robert 2010\prnet.exe:*:Enabled:Le Petit Robert 2010 -- (Dictionnaire Le Robert)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30A01D71-86B1-4C24-8B1B-F9CCBDE094CC}" = TreeComp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Visionneuse Journal Windows Microsoft
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{49D70E70-23CB-4BE5-8A67-8770F6B1BB2F}" = Microsoft Carioca
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{58CA56FB-F33E-4CE2-B2EA-EA0BFC96AF0A}" = RPS CRT
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BA7792-853B-45A3-A29F-539C0D7A2A62}" = Myst Uru - The Path of the Shell
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9112040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.6 - Français
"{B468AE7B-C667-4073-BED8-EAD17D5EE08C}" = TL-WN321G Wireless Utility
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6A48C7F-A0F8-46A5-A1ED-F45A62FE93BF}" = Visuel intégré
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{E8B7AF9A-6DB8-471D-ACEA-E2310FA190FE}" = ESET NOD32 Antivirus
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
"8461-7759-5462-8226" = Vuze
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.2.102
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Azureus" = Azureus
"C-Media Audio" = C-Media 3D Audio
"Copernic Agent Basic" = Copernic Agent Basic
"CopernicDesktopSearch2" = Copernic Desktop Search 2
"FileMaker Pro 4.0" = FileMaker Pro 4.0
"GRCDVD" = Le Grand Robert & Collins
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Le Corps humain" = Le Corps humain
"Luxor Amun Rising with Luxor" = Luxor Amun Rising with Luxor
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 fr)" = Mozilla Firefox 4.0 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multidictionnaire" = Multidictionnaire
"Nancy Drew Dossier - Resorting to Danger_is1" = Nancy Drew Dossier - Resorting to Danger
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PR1CD2010" = Le Petit Robert 2010
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"PuppetShow Mystery of Joyville 1.00" = PuppetShow Mystery of Joyville 1.00
"QcDrv" = Programme de gestion Camera de Logitech®
"Shockwave" = Shockwave
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"The Lost Cases of Sherlock Holmes 2 1.00" = The Lost Cases of Sherlock Holmes 2 1.00
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Webshots Desktop" = Webshots Desktop
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18-03-11 12:38:27 | Computer Name = GR | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.

Error - 18-03-11 12:38:38 | Computer Name = GR | Source = Microsoft Office 10 | ID = 1001
Description = Fault bucket -1982885259.

Error - 20-03-11 12:57:12 | Computer Name = GR | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.4079, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20-03-11 12:57:19 | Computer Name = GR | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1956079433.

Error - 20-03-11 13:22:39 | Computer Name = GR | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.4079, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20-03-11 13:22:40 | Computer Name = GR | Source = Application Error | ID = 1000
Description = Application défaillante plugin-container.exe, version 1.9.2.4079,
module défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x0000100b.

Error - 28-03-11 15:48:44 | Computer Name = GR | Source = Application Error | ID = 1000
Description = Application défaillante antido32.exe, version 7.5.7006.0, module défaillant
antido32.exe, version 7.5.7006.0, adresse de défaillance 0x00472d59.

Error - 28-03-11 15:48:48 | Computer Name = GR | Source = Application Error | ID = 1000
Description = Application défaillante antido32.exe, version 7.5.7006.0, module défaillant
antido32.exe, version 7.5.7006.0, adresse de défaillance 0x00472d59.

Error - 28-03-11 15:48:54 | Computer Name = GR | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs -1978931401.

Error - 28-03-11 15:51:56 | Computer Name = GR | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.6866.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 31-03-11 08:13:58 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 08:16:29 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 08:26:27 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 08:31:06 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 10:10:45 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 10:15:47 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 10:23:47 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 10:37:46 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 11:00:43 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2

Error - 31-03-11 11:07:04 | Computer Name = GR | Source = Service Control Manager | ID = 7000
Description = Le service ithsgt n'a pas pu démarrer en raison de l'erreur : %%2


< End of report >

#5
Kashink

Hi,

After doing the above, I went ahead, updated Malware and ran it, then I deleted the files Malware considered to be the source of the infection. Here is the Malware log report, but I also do have two questions.

1. Can I consider my pc to be clean at this point?

2. I had a lot of trouble because not only could I not start any program at all, but I couldn't boot winxp in safe mode. Pressing F8 did not work, whether I pressed it once and kept it down or pressed it repeatedly. I also tried restarting with the hard reset button and did get to the Safe Mode "menu", but then the arrow keys on the keyboard did not respond. On my laptop, it's different, because I always get the Safe Mode "menu" every time winxp boots. My question is, what can I do to get that Safe Mode menu at every startup on my pc?

Thanks.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6228

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

31-03-11 14:26:04
mbam-log-2011-03-31 (14-25-57).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 286840
Temps écoulé: 54 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Geneviève\Local Settings\Application Data\jaa.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\geneviève\mes documents\réception\programmes\iPhone\RINGER\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
c:\documents and settings\geneviève\application data\defender.exe (Rogue.Installer.Gen) -> No action taken.
c:\documents and settings\geneviève\application data\Sun\Java\deployment\cache\6.0\26\1e758e5a-2f2f9577 (Trojan.Agent) -> No action taken.
c:\documents and settings\geneviève\Bureau\rk_quarantine\defender.exe.vir (Rogue.Installer.Gen) -> No action taken.
c:\documents and settings\geneviève\Bureau\rk_quarantine\jaa.exe.vir (Trojan.Agent) -> No action taken.
c:\documents and settings\geneviève\local settings\application data\tsj.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\geneviève\local settings\Temp\0.16435057487863391.exe (Rogue.Installer) -> No action taken.
c:\system volume information\_restore{3a3379ff-ad62-42fd-933e-305f5b2335cc}\RP2349\A0366329.exe (Trojan.Agent) -> No action taken.

