Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer infected with virus "Gendarmerie nationale"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer infected with virus "Gendarmerie nationale"

Unread postby jujucds » March 11th, 2012, 2:16 pm

Hello,
I recently bought a second hand computer with no antivirus installed. I was browsing on the Internet when a add popup infested my computer with a virus called « Gendarmerie nationale ». This virus blocked my computer and I succeeded in unlocking it looking at an Internet procedure. After that, I installed the Avast antivirus and I made a scan of my computer. There were viruses detected and some of which couldn’t be removed. I tried to come back to a previous System Restore Point and made another virus scan but viruses were still present. I made several scans and I tried to remove the infected files but the viruses at still present. Is there anyone to help me please?
Best regards.

Below the two files dds.txt and attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/07/2008 01:52:53
System Uptime: 11/03/2012 17:46:05 (2 hours ago)
.
Motherboard: Quanta | | 30D2
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | U2E1 | 1867/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 61,062 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 2,375 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.4 - Français
Adobe Shockwave Player
Adobe Shockwave Player 11
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
Babylon toolbar on IE
Badoo Desktop
Bing Bar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BrowserCompanion
BufferChm
Code de la Route - Objectif Examen
Complément Messenger
Contextual Tool Lightspeedincome
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Copy
CyberLink YouCam
D3DX10
DealPly
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
DVD Suite
EA SPORTS Game Face Browser Plugin 1.0.0.18
EoRezo 10.3
F4500
Facebook Video Calling 1.1.1.1
Favorit
FIFA 09
FoxTab Video Converter
Galerie de photos Windows Live
GeoGebra
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iCloud
Iminent
IMinent Toolbar
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Junk Mail filter update
K-Lite Codec Pack 4.4.2 (Full)
king.com (remove only)
LabelPrint
LAME v3.99.3 (for Windows)
LightScribe System Software 1.10.13.1
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Messenger Plus! Live
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Famille et Petite Entreprise 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Professional Plus 2010
Microsoft Office Professionnel Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (French) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MobileMe Control Panel
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Motorola SM56 Data Fax Modem
Mozilla Firefox 10.0.2 (x86 fr)
MSN Polygamy 8.1
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Network
Norton Security Scan
NVIDIA Drivers
OpenOffice.org 3.3
Orange - Logiciels Internet
PhotoFiltre
Power2Go
PowerDirector
PVSonyDll
QuickPlay SlingPlayer 0.4.6
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Mechanic 8.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
SAGEM Wi-Fi 11g USB adapter (pilote)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Segoe UI
Shop for HP Supplies
Skype web features
SmartWebPrinting
Software Informer 1.0 BETA
SoftwareUpdate 1.0
SolutionCenter
SpiderMessenger 1.0
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Viewpoint Media Player
VirginMega.Fr Premium
VLC media player 1.1.11
WebReg
Windows Live
Windows Live Communications Platform
Windows Live Family Safety
Windows Live FolderShare
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
Zylom Games Player Plugin
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Mathieu at 19:02:44 on 2012-03-11
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.887 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iminent\Iminent.exe
C:\Program Files\Iminent\Iminent.Messengers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\SpiderMessenger\SpiderMessenger.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.iminent.com/?appId=0a6827 ... f=homepage
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\orangehss\searchurlhook\SearchPageURL.dll
uURLSearchHooks: H - No File
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: SpiderMessenger_BHO Class: {ade49752-dbbc-43a3-9498-379a82f574bf} - c:\program files\spidermessenger\SpiderMessenger.BHO.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [fsm]
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [SpiderMessenger] "c:\program files\spidermessenger\SpiderMessenger.exe" -startrun
uRun: [Facebook Update] "c:\users\mathieu\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ejhmkp] "c:\users\mathieu\appdata\local\ejhmkp.exe" ejhmkp
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ORAHSSSessionManager] "c:\program files\orangehss\sessionmanager\SessionManager.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe /startup
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=ibgfbdggapddbjjbopabhlhianklajie
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\mathieu\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Envoyer à OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.2
TCP: Interfaces\{3208D13B-5BCF-4D1D-8FC5-55283BDB8971} : DhcpNameServer = 192.168.1.2
TCP: Interfaces\{4FAE890B-A261-409B-895A-C5D16C407E3E} : DhcpNameServer = 172.20.2.39 172.20.2.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mathieu\appdata\roaming\mozilla\firefox\profiles\t0np4bv7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\mathieu\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\mathieu\appdata\roaming\electronic arts\game face\1.0.0.18\npGameFacePlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.hardId - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:14:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-3 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-3 337112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-3 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-3 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-3 44768]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca87f39cf38848;Service Google Update (gupdate1ca87f39cf38848);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-12-19 28224]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-11 17:10:41 607260 ------r- C:\dds.scr
2012-02-25 20:49:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:10:34 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-11 22:33:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
============= FINISH: 19:05:15,04 ===============
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am
Advertisement
Register to Remove

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby askey127 » March 13th, 2012, 11:11 am

Looking at your log.
Be back soon.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby askey127 » March 13th, 2012, 11:31 am

Hi jujucds,
Before We Start, Some Notes On This Process
During this repair, we may need to remove some obsolete programs, and some which interfere with our tools.
We will install replacements later.
Please do not install or uninstall any programs, or scan with anything, unless I ask, until we are through cleaning.

Also, please be aware that removing Malware is a potentially hazardous undertaking.
I will take care not to knowingly suggest courses of action that might damage your computer.
However, it is impossible for me to foresee all interactions that may happen between your computer software and the tools we'll use to clear you of infection, so I cannot guarantee the safety of your system.
It is not likely, but possible, that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate taking your computer to a repair shop.
Because of this, I advise you to backup any important personal files to some external media, like a USB flash or CD, before we start.

Since the machine was run without an Antivirus, it's possible that the Vista system is so corrupted that it may not be fixable.
We will do our best to help, but it is not known yet whether this machine can be fixed using online methods.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

SpiderMessenger 1.0
Registry Mechanic 8.0
Messenger Plus! Live
McAfee Security Scan Plus
Java(TM) 6 Update 2
Java(TM) 6 Update 22

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

Please be aware that the Iminent toolbar can track your behavior and restrict your searches.

So we are looking for the contents of the TDSSKiller log, and the two logs from OTL, namely OTL.txt and Extras.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby jujucds » March 13th, 2012, 4:59 pm

Hello askey127,

I have followed your instructions and I send you the content of the 3 files.
Below the content of the file TDSSKiller.exe :

21:07:16.0376 0904 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:07:16.0596 0904 ============================================================
21:07:16.0596 0904 Current date / time: 2012/03/13 21:07:16.0596
21:07:16.0596 0904 SystemInfo:
21:07:16.0596 0904
21:07:16.0596 0904 OS Version: 6.0.6002 ServicePack: 2.0
21:07:16.0596 0904 Product type: Workstation
21:07:16.0597 0904 ComputerName: PC
21:07:16.0597 0904 UserName: Mathieu
21:07:16.0597 0904 Windows directory: C:\Windows
21:07:16.0597 0904 System windows directory: C:\Windows
21:07:16.0597 0904 Processor architecture: Intel x86
21:07:16.0597 0904 Number of processors: 2
21:07:16.0597 0904 Page size: 0x1000
21:07:16.0597 0904 Boot type: Normal boot
21:07:16.0597 0904 ============================================================
21:07:17.0365 0904 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:07:17.0368 0904 \Device\Harddisk0\DR0:
21:07:17.0368 0904 MBR used
21:07:17.0368 0904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1133CDAE
21:07:17.0368 0904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1133CDED, BlocksNum 0x16DBCD4
21:07:17.0459 0904 Initialize success
21:07:17.0459 0904 ============================================================
21:09:05.0655 2152 ============================================================
21:09:05.0655 2152 Scan started
21:09:05.0655 2152 Mode: Manual;
21:09:05.0655 2152 ============================================================
21:09:05.0961 2152 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:09:05.0966 2152 ACPI - ok
21:09:06.0328 2152 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:09:06.0336 2152 adp94xx - ok
21:09:06.0494 2152 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:09:06.0500 2152 adpahci - ok
21:09:06.0703 2152 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:09:06.0707 2152 adpu160m - ok
21:09:06.0900 2152 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:09:06.0906 2152 adpu320 - ok
21:09:07.0258 2152 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:09:07.0267 2152 AFD - ok
21:09:07.0560 2152 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:09:07.0565 2152 agp440 - ok
21:09:07.0774 2152 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:09:07.0778 2152 aic78xx - ok
21:09:07.0944 2152 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:09:07.0947 2152 aliide - ok
21:09:08.0099 2152 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:09:08.0238 2152 amdagp - ok
21:09:08.0464 2152 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:09:08.0466 2152 amdide - ok
21:09:08.0632 2152 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:09:08.0635 2152 AmdK7 - ok
21:09:08.0904 2152 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
21:09:08.0906 2152 AmdK8 - ok
21:09:09.0100 2152 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:09:09.0140 2152 arc - ok
21:09:09.0334 2152 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:09:09.0337 2152 arcsas - ok
21:09:09.0448 2152 aswFsBlk (581b82df5dbcc1dda6b775fac0d92472) C:\Windows\system32\drivers\aswFsBlk.sys
21:09:09.0450 2152 aswFsBlk - ok
21:09:09.0726 2152 aswMonFlt (0787b434e9098840966c23bb1c77df49) C:\Windows\system32\drivers\aswMonFlt.sys
21:09:09.0728 2152 aswMonFlt - ok
21:09:09.0930 2152 AswRdr (0b44ee90b3db93582b260a80b28b7ffd) C:\Windows\system32\drivers\AswRdr.sys
21:09:09.0931 2152 AswRdr - ok
21:09:10.0276 2152 aswSnx (ca9601cd277a1e510b80422a40240a95) C:\Windows\system32\drivers\aswSnx.sys
21:09:10.0286 2152 aswSnx - ok
21:09:10.0495 2152 aswSP (05ea22dde5ca7ee3a865046aff2f0229) C:\Windows\system32\drivers\aswSP.sys
21:09:10.0502 2152 aswSP - ok
21:09:10.0642 2152 aswTdi (3ac73a9e7378848d1bde174b4bb39212) C:\Windows\system32\drivers\aswTdi.sys
21:09:10.0644 2152 aswTdi - ok
21:09:10.0733 2152 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:10.0734 2152 AsyncMac - ok
21:09:10.0984 2152 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:09:10.0986 2152 atapi - ok
21:09:11.0329 2152 BCM43XV (58da4a879daedc2ef91c0694415417d9) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:09:11.0352 2152 BCM43XV - ok
21:09:11.0550 2152 BCM43XX (58da4a879daedc2ef91c0694415417d9) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:09:11.0566 2152 BCM43XX - ok
21:09:11.0707 2152 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:09:11.0709 2152 Beep - ok
21:09:11.0797 2152 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:09:11.0799 2152 blbdrive - ok
21:09:11.0991 2152 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:09:11.0994 2152 bowser - ok
21:09:12.0208 2152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:09:12.0210 2152 BrFiltLo - ok
21:09:12.0300 2152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:09:12.0302 2152 BrFiltUp - ok
21:09:12.0432 2152 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:09:12.0435 2152 Brserid - ok
21:09:12.0548 2152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:09:12.0550 2152 BrSerWdm - ok
21:09:12.0766 2152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:09:12.0768 2152 BrUsbMdm - ok
21:09:12.0849 2152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:09:12.0851 2152 BrUsbSer - ok
21:09:12.0927 2152 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:09:12.0929 2152 BTHMODEM - ok
21:09:13.0055 2152 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:09:13.0060 2152 cdfs - ok
21:09:13.0123 2152 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:09:13.0126 2152 cdrom - ok
21:09:13.0326 2152 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:09:13.0329 2152 circlass - ok
21:09:13.0516 2152 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:09:13.0522 2152 CLFS - ok
21:09:13.0726 2152 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:09:13.0727 2152 CmBatt - ok
21:09:13.0755 2152 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:09:13.0756 2152 cmdide - ok
21:09:13.0884 2152 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:09:13.0886 2152 Compbatt - ok
21:09:13.0903 2152 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:09:13.0905 2152 crcdisk - ok
21:09:13.0950 2152 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:09:13.0952 2152 Crusoe - ok
21:09:14.0160 2152 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:09:14.0162 2152 DfsC - ok
21:09:14.0311 2152 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:09:14.0313 2152 disk - ok
21:09:14.0468 2152 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:09:14.0472 2152 dot4 - ok
21:09:14.0584 2152 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:09:14.0586 2152 Dot4Print - ok
21:09:14.0671 2152 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
21:09:14.0675 2152 Dot4Scan - ok
21:09:14.0838 2152 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:09:14.0840 2152 dot4usb - ok
21:09:15.0092 2152 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:09:15.0095 2152 drmkaud - ok
21:09:15.0168 2152 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:09:15.0184 2152 DXGKrnl - ok
21:09:15.0362 2152 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:09:15.0366 2152 E1G60 - ok
21:09:15.0595 2152 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:09:15.0600 2152 Ecache - ok
21:09:15.0901 2152 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:09:15.0910 2152 elxstor - ok
21:09:16.0139 2152 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:09:16.0142 2152 ErrDev - ok
21:09:16.0366 2152 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:09:16.0370 2152 exfat - ok
21:09:16.0553 2152 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:09:16.0557 2152 fastfat - ok
21:09:16.0699 2152 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:09:16.0701 2152 fdc - ok
21:09:16.0767 2152 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:09:16.0769 2152 FileInfo - ok
21:09:17.0161 2152 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:09:17.0163 2152 Filetrace - ok
21:09:17.0454 2152 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:09:17.0456 2152 flpydisk - ok
21:09:17.0571 2152 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:09:17.0576 2152 FltMgr - ok
21:09:17.0703 2152 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
21:09:17.0706 2152 fssfltr - ok
21:09:17.0850 2152 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:09:17.0853 2152 Fs_Rec - ok
21:09:17.0935 2152 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:09:17.0939 2152 gagp30kx - ok
21:09:18.0056 2152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:09:18.0059 2152 GEARAspiWDM - ok
21:09:18.0374 2152 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:09:18.0382 2152 HdAudAddService - ok
21:09:18.0533 2152 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:18.0546 2152 HDAudBus - ok
21:09:18.0604 2152 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:09:18.0607 2152 HidBth - ok
21:09:18.0720 2152 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:09:18.0723 2152 HidIr - ok
21:09:18.0880 2152 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:09:18.0883 2152 HidUsb - ok
21:09:19.0085 2152 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:09:19.0088 2152 HpCISSs - ok
21:09:19.0229 2152 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:09:19.0230 2152 HpqKbFiltr - ok
21:09:19.0307 2152 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
21:09:19.0309 2152 HpqRemHid - ok
21:09:19.0540 2152 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:09:19.0546 2152 HSFHWAZL - ok
21:09:19.0775 2152 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:09:19.0794 2152 HSF_DPV - ok
21:09:20.0099 2152 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:09:20.0108 2152 HTTP - ok
21:09:20.0230 2152 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:09:20.0232 2152 i2omp - ok
21:09:20.0312 2152 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:09:20.0315 2152 i8042prt - ok
21:09:20.0620 2152 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
21:09:20.0626 2152 iaStor - ok
21:09:21.0005 2152 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:09:21.0013 2152 iaStorV - ok
21:09:21.0269 2152 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:09:21.0272 2152 iirsp - ok
21:09:21.0730 2152 IntcAzAudAddService (2967e9c168cb5e0108a8a243ae179bad) C:\Windows\system32\drivers\RTKVHDA.sys
21:09:21.0772 2152 IntcAzAudAddService - ok
21:09:22.0086 2152 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:09:22.0088 2152 intelide - ok
21:09:22.0160 2152 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:09:22.0162 2152 intelppm - ok
21:09:22.0248 2152 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:22.0254 2152 IpFilterDriver - ok
21:09:22.0568 2152 IpInIp - ok
21:09:22.0767 2152 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:09:22.0769 2152 IPMIDRV - ok
21:09:22.0847 2152 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:09:22.0850 2152 IPNAT - ok
21:09:23.0275 2152 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:09:23.0277 2152 IRENUM - ok
21:09:23.0530 2152 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:09:23.0533 2152 isapnp - ok
21:09:23.0689 2152 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:09:23.0695 2152 iScsiPrt - ok
21:09:24.0053 2152 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:09:24.0059 2152 iteatapi - ok
21:09:24.0268 2152 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:09:24.0271 2152 iteraid - ok
21:09:24.0699 2152 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:24.0702 2152 kbdclass - ok
21:09:24.0875 2152 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:24.0878 2152 kbdhid - ok
21:09:25.0336 2152 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:09:25.0348 2152 KSecDD - ok
21:09:25.0527 2152 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:09:25.0532 2152 lltdio - ok
21:09:25.0779 2152 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:09:25.0785 2152 LSI_FC - ok
21:09:26.0115 2152 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:09:26.0120 2152 LSI_SAS - ok
21:09:26.0480 2152 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:09:26.0484 2152 LSI_SCSI - ok
21:09:26.0627 2152 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:09:26.0630 2152 luafv - ok
21:09:26.0841 2152 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:09:26.0843 2152 megasas - ok
21:09:27.0075 2152 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:09:27.0208 2152 MegaSR - ok
21:09:27.0450 2152 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:09:27.0452 2152 Modem - ok
21:09:27.0604 2152 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:09:27.0607 2152 monitor - ok
21:09:27.0701 2152 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:09:27.0704 2152 mouclass - ok
21:09:28.0020 2152 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:09:28.0023 2152 mouhid - ok
21:09:28.0148 2152 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:09:28.0151 2152 MountMgr - ok
21:09:28.0264 2152 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:09:28.0269 2152 mpio - ok
21:09:28.0373 2152 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:09:28.0375 2152 mpsdrv - ok
21:09:28.0470 2152 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:09:28.0472 2152 Mraid35x - ok
21:09:28.0564 2152 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:09:28.0567 2152 MRxDAV - ok
21:09:28.0686 2152 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:28.0690 2152 mrxsmb - ok
21:09:28.0835 2152 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:28.0839 2152 mrxsmb10 - ok
21:09:28.0903 2152 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:28.0932 2152 mrxsmb20 - ok
21:09:29.0063 2152 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:09:29.0066 2152 msahci - ok
21:09:29.0200 2152 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:09:29.0203 2152 msdsm - ok
21:09:29.0312 2152 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:09:29.0314 2152 Msfs - ok
21:09:29.0444 2152 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:09:29.0446 2152 msisadrv - ok
21:09:29.0519 2152 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:09:29.0521 2152 MSKSSRV - ok
21:09:29.0682 2152 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:29.0685 2152 MSPCLOCK - ok
21:09:29.0804 2152 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:09:29.0808 2152 MSPQM - ok
21:09:29.0984 2152 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:09:29.0988 2152 MsRPC - ok
21:09:30.0273 2152 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:09:30.0275 2152 mssmbios - ok
21:09:30.0477 2152 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:09:30.0478 2152 MSTEE - ok
21:09:30.0632 2152 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:09:30.0634 2152 Mup - ok
21:09:30.0905 2152 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:09:30.0910 2152 NativeWifiP - ok
21:09:31.0075 2152 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:09:31.0087 2152 NDIS - ok
21:09:31.0214 2152 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:31.0216 2152 NdisTapi - ok
21:09:31.0315 2152 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:31.0317 2152 Ndisuio - ok
21:09:31.0439 2152 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:31.0444 2152 NdisWan - ok
21:09:31.0495 2152 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:09:31.0499 2152 NDProxy - ok
21:09:31.0729 2152 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
21:09:31.0733 2152 Netaapl - ok
21:09:31.0908 2152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:09:31.0912 2152 NetBIOS - ok
21:09:32.0158 2152 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:09:32.0162 2152 netbt - ok
21:09:32.0264 2152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:09:32.0267 2152 nfrd960 - ok
21:09:32.0463 2152 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:09:32.0465 2152 Npfs - ok
21:09:32.0596 2152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:09:32.0598 2152 nsiproxy - ok
21:09:32.0718 2152 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:09:32.0737 2152 Ntfs - ok
21:09:32.0893 2152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:09:32.0894 2152 ntrigdigi - ok
21:09:32.0920 2152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:09:32.0922 2152 Null - ok
21:09:33.0128 2152 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
21:09:33.0136 2152 NVENETFD - ok
21:09:33.0615 2152 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:09:34.0001 2152 nvlddmkm - ok
21:09:34.0301 2152 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:09:34.0306 2152 nvraid - ok
21:09:34.0547 2152 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:09:34.0550 2152 nvstor - ok
21:09:34.0717 2152 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:09:34.0722 2152 nv_agp - ok
21:09:34.0837 2152 NwlnkFlt - ok
21:09:34.0859 2152 NwlnkFwd - ok
21:09:35.0183 2152 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:09:35.0187 2152 ohci1394 - ok
21:09:35.0472 2152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:09:35.0477 2152 Parport - ok
21:09:35.0630 2152 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:09:35.0780 2152 partmgr - ok
21:09:35.0927 2152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:09:35.0928 2152 Parvdm - ok
21:09:36.0005 2152 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
21:09:36.0007 2152 PCAMp50 - ok
21:09:36.0249 2152 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
21:09:36.0251 2152 PCASp50 - ok
21:09:36.0476 2152 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:09:36.0481 2152 pci - ok
21:09:36.0621 2152 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:09:36.0625 2152 pciide - ok
21:09:36.0974 2152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:09:36.0979 2152 pcmcia - ok
21:09:37.0139 2152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:09:37.0159 2152 PEAUTH - ok
21:09:37.0397 2152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:09:37.0400 2152 PptpMiniport - ok
21:09:37.0422 2152 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:09:37.0424 2152 Processor - ok
21:09:37.0539 2152 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:09:37.0542 2152 PSched - ok
21:09:37.0747 2152 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:09:37.0768 2152 ql2300 - ok
21:09:38.0017 2152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:09:38.0022 2152 ql40xx - ok
21:09:38.0292 2152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:09:38.0294 2152 QWAVEdrv - ok
21:09:38.0524 2152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:09:38.0527 2152 RasAcd - ok
21:09:38.0590 2152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:38.0595 2152 Rasl2tp - ok
21:09:38.0681 2152 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:38.0683 2152 RasPppoe - ok
21:09:38.0842 2152 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:09:38.0846 2152 RasSstp - ok
21:09:39.0044 2152 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:09:39.0060 2152 rdbss - ok
21:09:39.0222 2152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:39.0224 2152 RDPCDD - ok
21:09:39.0264 2152 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:09:39.0270 2152 rdpdr - ok
21:09:39.0433 2152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:09:39.0435 2152 RDPENCDD - ok
21:09:39.0500 2152 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:09:39.0506 2152 RDPWD - ok
21:09:39.0622 2152 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:09:39.0626 2152 rimmptsk - ok
21:09:39.0780 2152 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:09:39.0783 2152 rimsptsk - ok
21:09:39.0963 2152 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:09:39.0966 2152 rismxdp - ok
21:09:40.0024 2152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:09:40.0030 2152 rspndr - ok
21:09:40.0220 2152 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:09:40.0223 2152 RTL8169 - ok
21:09:40.0304 2152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:09:40.0307 2152 sbp2port - ok
21:09:40.0517 2152 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:09:40.0522 2152 sdbus - ok
21:09:40.0623 2152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:09:40.0627 2152 secdrv - ok
21:09:40.0947 2152 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:09:40.0951 2152 Serenum - ok
21:09:41.0338 2152 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:09:41.0343 2152 Serial - ok
21:09:41.0541 2152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:09:41.0544 2152 sermouse - ok
21:09:41.0624 2152 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:09:41.0627 2152 sffdisk - ok
21:09:41.0821 2152 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:09:41.0824 2152 sffp_mmc - ok
21:09:41.0992 2152 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:09:41.0995 2152 sffp_sd - ok
21:09:42.0265 2152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:09:42.0267 2152 sfloppy - ok
21:09:42.0395 2152 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:09:42.0398 2152 sisagp - ok
21:09:42.0561 2152 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:09:42.0564 2152 SiSRaid2 - ok
21:09:42.0653 2152 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:09:42.0657 2152 SiSRaid4 - ok
21:09:43.0002 2152 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:09:43.0006 2152 Smb - ok
21:09:43.0255 2152 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
21:09:43.0272 2152 smserial - ok
21:09:43.0436 2152 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:09:43.0440 2152 spldr - ok
21:09:43.0516 2152 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:09:43.0527 2152 srv - ok
21:09:43.0726 2152 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:09:43.0733 2152 srv2 - ok
21:09:43.0965 2152 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:09:43.0970 2152 srvnet - ok
21:09:44.0209 2152 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
21:09:44.0265 2152 sscdbus - ok
21:09:44.0378 2152 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
21:09:44.0380 2152 sscdmdfl - ok
21:09:44.0646 2152 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
21:09:44.0650 2152 sscdmdm - ok
21:09:44.0809 2152 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
21:09:44.0811 2152 StarOpen - ok
21:09:44.0859 2152 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
21:09:44.0864 2152 StillCam - ok
21:09:45.0274 2152 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:09:45.0277 2152 swenum - ok
21:09:45.0466 2152 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:09:45.0470 2152 Symc8xx - ok
21:09:45.0484 2152 SymIMMP - ok
21:09:45.0536 2152 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:09:45.0539 2152 Sym_hi - ok
21:09:45.0662 2152 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:09:45.0665 2152 Sym_u3 - ok
21:09:45.0858 2152 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
21:09:45.0864 2152 SynTP - ok
21:09:46.0071 2152 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:09:46.0090 2152 Tcpip - ok
21:09:46.0293 2152 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:09:46.0304 2152 Tcpip6 - ok
21:09:46.0532 2152 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:09:46.0537 2152 tcpipreg - ok
21:09:46.0660 2152 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:09:46.0662 2152 TDPIPE - ok
21:09:46.0810 2152 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:09:46.0812 2152 TDTCP - ok
21:09:46.0947 2152 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:09:46.0949 2152 tdx - ok
21:09:47.0106 2152 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:09:47.0108 2152 TermDD - ok
21:09:47.0227 2152 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:47.0229 2152 tssecsrv - ok
21:09:47.0367 2152 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:09:47.0369 2152 tunmp - ok
21:09:47.0543 2152 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:09:47.0545 2152 tunnel - ok
21:09:47.0629 2152 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:09:47.0633 2152 uagp35 - ok
21:09:47.0829 2152 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:09:47.0835 2152 udfs - ok
21:09:47.0933 2152 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:09:47.0936 2152 uliagpkx - ok
21:09:48.0123 2152 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:09:48.0129 2152 uliahci - ok
21:09:48.0286 2152 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:09:48.0289 2152 UlSata - ok
21:09:48.0444 2152 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:09:48.0448 2152 ulsata2 - ok
21:09:48.0590 2152 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:09:48.0593 2152 umbus - ok
21:09:48.0690 2152 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:09:48.0694 2152 USBAAPL - ok
21:09:49.0006 2152 usbbus - ok
21:09:49.0247 2152 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:49.0251 2152 usbccgp - ok
21:09:49.0456 2152 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:09:49.0461 2152 usbcir - ok
21:09:49.0824 2152 UsbDiag - ok
21:09:50.0081 2152 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:09:50.0085 2152 usbehci - ok
21:09:50.0345 2152 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:09:50.0352 2152 usbhub - ok
21:09:50.0449 2152 USBModem - ok
21:09:50.0616 2152 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
21:09:50.0621 2152 usbohci - ok
21:09:50.0701 2152 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:09:50.0705 2152 usbprint - ok
21:09:50.0775 2152 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:09:50.0779 2152 usbscan - ok
21:09:50.0899 2152 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:50.0904 2152 USBSTOR - ok
21:09:50.0956 2152 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:09:50.0960 2152 usbuhci - ok
21:09:51.0184 2152 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:09:51.0191 2152 usbvideo - ok
21:09:51.0336 2152 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:51.0340 2152 vga - ok
21:09:51.0453 2152 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:09:51.0458 2152 VgaSave - ok
21:09:51.0517 2152 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:09:51.0521 2152 viaagp - ok
21:09:51.0595 2152 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:09:51.0629 2152 ViaC7 - ok
21:09:51.0739 2152 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:09:51.0745 2152 viaide - ok
21:09:51.0827 2152 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:09:51.0831 2152 volmgr - ok
21:09:51.0929 2152 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:09:51.0938 2152 volmgrx - ok
21:09:52.0069 2152 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:09:52.0076 2152 volsnap - ok
21:09:52.0174 2152 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:09:52.0178 2152 vsmraid - ok
21:09:52.0299 2152 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:09:52.0302 2152 WacomPen - ok
21:09:52.0370 2152 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:52.0372 2152 Wanarp - ok
21:09:52.0378 2152 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:52.0381 2152 Wanarpv6 - ok
21:09:52.0552 2152 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:09:52.0554 2152 Wd - ok
21:09:52.0635 2152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:09:52.0645 2152 Wdf01000 - ok
21:09:52.0930 2152 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:09:52.0943 2152 winachsf - ok
21:09:53.0199 2152 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:09:53.0201 2152 WmiAcpi - ok
21:09:53.0349 2152 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:09:53.0352 2152 WpdUsb - ok
21:09:53.0628 2152 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:09:53.0632 2152 ws2ifsl - ok
21:09:53.0782 2152 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:53.0787 2152 WUDFRd - ok
21:09:53.0903 2152 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
21:09:53.0980 2152 \Device\Harddisk0\DR0 - ok
21:09:53.0987 2152 Boot (0x1200) (d538d6a148ba3fca88c06948a5263a3e) \Device\Harddisk0\DR0\Partition0
21:09:53.0990 2152 \Device\Harddisk0\DR0\Partition0 - ok
21:09:54.0032 2152 Boot (0x1200) (8bfa7a9e3fa4ad9801d558c9140df711) \Device\Harddisk0\DR0\Partition1
21:09:54.0034 2152 \Device\Harddisk0\DR0\Partition1 - ok
21:09:54.0043 2152 ============================================================
21:09:54.0044 2152 Scan finished
21:09:54.0044 2152 ============================================================
21:09:54.0091 4620 Detected object count: 0
21:09:54.0091 4620 Actual detected object count: 0
21:10:01.0397 6076 Deinitialize success
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby jujucds » March 13th, 2012, 5:04 pm

Then the content of the file OTL.Txt :


OTL logfile created on: 13/03/2012 21:26:29 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mathieu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,40% Memory free
4,23 Gb Paging File | 2,79 Gb Available in Paging File | 65,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,62 Gb Total Space | 60,98 Gb Free Space | 44,31% Space Free | Partition Type: NTFS
Drive D: | 11,43 Gb Total Space | 2,37 Gb Free Space | 20,78% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Mathieu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/13 21:16:08 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
PRC - [2012/02/25 21:50:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/23 13:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe
PRC - [2011/12/23 13:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe
PRC - [2011/11/29 16:50:40 | 000,182,576 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files\BrowserCompanion\BCHelper.exe
PRC - [2011/06/26 14:31:51 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 19:09:00 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:09:00 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/03 10:02:24 | 000,135,168 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
PRC - [2009/03/03 10:02:06 | 000,602,864 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Launcher\Launcher.exe
PRC - [2009/03/03 10:02:04 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/03/03 10:02:04 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
PRC - [2009/03/03 10:01:52 | 000,028,672 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
PRC - [2009/03/03 10:01:50 | 000,364,544 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
PRC - [2009/03/03 10:01:48 | 000,712,704 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
PRC - [2009/03/03 10:01:42 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2009/02/12 21:45:42 | 001,716,293 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/24 11:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 11:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/10/09 17:59:30 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/17 14:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/25 21:50:04 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/25 21:49:54 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 20:41:13 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c12259751030b8fb693006bb6e7dd55f\System.IdentityModel.ni.dll
MOD - [2012/02/16 20:41:11 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll
MOD - [2012/02/16 20:41:08 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll
MOD - [2012/02/16 20:41:07 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll
MOD - [2012/02/16 20:40:26 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\4eac2f7cb1c834955099131df846e157\System.Configuration.Install.ni.dll
MOD - [2012/02/16 20:40:23 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll
MOD - [2012/02/16 20:40:18 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 20:40:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll
MOD - [2012/02/16 20:40:16 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/02/16 20:39:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 20:37:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 20:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 20:37:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 20:36:51 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012/02/16 20:36:43 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012/02/16 20:36:36 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/02/16 20:36:13 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/16 20:35:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/16 20:35:37 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/02/11 23:37:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/12/23 13:07:28 | 000,910,840 | ---- | M] () -- C:\Program Files\Iminent\System.Data.SQLite.dll
MOD - [2011/12/23 13:07:26 | 000,204,280 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Workflow.dll
MOD - [2011/12/23 13:07:26 | 000,067,576 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Windows.dll
MOD - [2011/12/23 13:07:22 | 006,273,016 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll
MOD - [2011/12/23 13:07:22 | 001,524,728 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Services.dll
MOD - [2011/12/23 13:07:22 | 000,587,256 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Booster.UI.dll
MOD - [2011/10/15 02:31:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/07 12:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files\BrowserCompanion\sqlite3.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/09 07:54:53 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_fr_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009/03/30 05:42:26 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/03/30 05:42:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/03/03 10:02:14 | 000,589,824 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\Plugins\PluginLnhPromptManager2.dll
MOD - [2009/03/03 10:02:12 | 000,237,568 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\Plugins\PluginLnhRecovery.dll
MOD - [2009/02/18 19:41:17 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics.resources\3.0.0.0_fr_b77a5c561934e089\SMDiagnostics.resources.dll
MOD - [2009/02/03 16:08:00 | 000,032,768 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\WatchClient.dll
MOD - [2007/12/19 18:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 18:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 18:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 18:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/12/19 18:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/03/03 10:02:04 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/24 11:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2012/02/23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 17:10:46 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/02/23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/02/23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/03 16:07:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/02/03 16:07:40 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2007/09/18 00:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 14:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}: "URL" = http://fr.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A66091A8-1C1F-43E6-AAB4-E81144499536}: "URL" = http://slirsredirect.search.aol.com/sli ... 156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=0a6827 ... f=homepage
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=400e65310000000000000021003c3e83&tt=090212_ctrl
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}: "URL" = http://fr.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_fr
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{8978B5AF-2901-4B25-AF91-726C4CE68302}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{A66091A8-1C1F-43E6-AAB4-E81144499536}: "URL" = http://slirsredirect.search.aol.com/sli ... 156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mathieu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mathieu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Mathieu\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/05 23:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/03 21:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/03 22:05:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 21:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/11 23:33:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/05 23:46:57 | 000,000,000 | ---D | M]

[2012/02/11 20:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Extensions
[2012/02/16 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions
[2012/02/12 00:28:05 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/02/16 19:57:17 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/02/16 19:15:09 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\bbrs_002@blabbers.com
[2012/02/16 19:14:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\ffxtlbr@babylon.com
[2012/03/09 17:52:48 | 000,002,270 | ---- | M] () -- C:\Users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\t0np4bv7.default\searchplugins\SearchTheWeb.xml
[2012/02/25 21:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/12 00:27:58 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
() (No name found) -- C:\USERS\MATHIEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T0NP4BV7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/25 21:50:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/11 23:33:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/08 18:58:02 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/02/16 19:14:50 | 000,002,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/08 18:46:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 18:58:02 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/08 18:58:02 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/02/08 18:58:02 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/08 18:58:02 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Iminent (Enabled)
CHR - default_search_provider: search_url = http://search.iminent.com/?appId=0A6827 ... toolbox&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Iminent (Enabled) = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\npIminent.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mathieu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Mathieu\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DealPly = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Browser Companion Helper = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\
CHR - Extension: avast! WebRep = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Iminent = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O3 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [ejhmkp] "c:\users\mathieu\appdata\local\ejhmkp.exe" ejhmkp File not found
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [Facebook Update] C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [SpiderMessenger] File not found
O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\Program Files\AOL\AOL Toolbar 5.0\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: mappy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: orange.fr ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: voila.fr ([rw.search.ke] http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3208D13B-5BCF-4D1D-8FC5-55283BDB8971}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAE890B-A261-409B-895A-C5D16C407E3E}: DhcpNameServer = 172.20.2.39 172.20.2.10
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/08 03:32:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1445ad43-e5a2-11dd-ac20-001e68b05da3}\Shell\Auto\command - "" = C:\Windows\System32\cmd.exe -- [2008/01/21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{1445ad43-e5a2-11dd-ac20-001e68b05da3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
O33 - MountPoints2\{17acd115-bca8-11dd-b1c3-001e68b05da3}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 21:15:56 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
[2012/03/13 19:41:27 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mathieu\Desktop\tdsskiller.exe
[2012/03/11 18:58:07 | 000,607,260 | R--- | C] (Swearware) -- C:\dds.scr
[2012/03/11 18:10:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Mathieu\Desktop\dds.scr
[2012/03/03 22:06:09 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/03 22:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/03 22:06:08 | 000,337,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/03 22:06:04 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/03 22:06:04 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/03 22:06:03 | 000,610,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/03 22:06:01 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/03 22:04:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/03 22:04:51 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/02 11:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/02 11:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/28 11:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2012/02/26 13:59:29 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\Desktop\photos sélection diapo ski
[2012/02/26 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\AppData\Local\{F1055CBE-64B0-4132-9CA6-68A3DBD8295D}
[2012/02/26 13:00:49 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\AppData\Local\{17595CD3-2E6A-4844-8D80-A5DE4334DD76}
[2012/02/26 13:00:13 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\AppData\Local\WMTools Downloaded Files
[2012/02/26 12:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker 2.6
[2012/02/25 21:49:54 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/25 18:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/02/25 18:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/25 18:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/02/25 17:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/02/17 15:48:59 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 15:48:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 15:48:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 15:48:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 15:48:57 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 15:48:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 15:48:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 15:48:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 15:48:56 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 15:48:56 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 15:48:56 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 15:48:56 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 15:48:56 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 15:48:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 15:48:55 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 15:48:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 15:48:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 15:48:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 15:48:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 15:48:54 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 15:48:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 15:48:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 15:48:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 15:48:53 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 15:48:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 15:48:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 15:48:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 15:48:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 15:48:51 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 15:48:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 15:48:50 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 15:48:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 15:48:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 15:48:50 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 15:48:49 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/17 15:48:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 15:48:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/16 20:09:32 | 000,000,000 | R--D | C] -- C:\Users\Mathieu\Photos
[2012/02/16 19:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2012/02/16 19:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\BrowserCompanion
[2012/02/15 18:17:32 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/03/13 21:35:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 21:35:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 21:28:04 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 21:28:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/13 21:16:08 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
[2012/03/13 20:57:06 | 000,202,208 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/13 20:57:06 | 000,202,208 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/13 20:57:06 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000UA.job
[2012/03/13 20:57:03 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000Core.job
[2012/03/13 20:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 19:41:45 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mathieu\Desktop\tdsskiller.exe
[2012/03/13 19:38:59 | 000,001,103 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/03/13 19:37:47 | 000,000,426 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/03/13 19:35:48 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 18:10:41 | 000,607,260 | R--- | M] (Swearware) -- C:\dds.scr
[2012/03/11 18:10:41 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Mathieu\Desktop\dds.scr
[2012/03/11 18:08:33 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Mathieu.job
[2012/03/03 22:06:09 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/03 22:06:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/01 18:26:19 | 000,000,680 | ---- | M] () -- C:\Users\Mathieu\AppData\Local\d3d9caps.dat
[2012/02/28 11:33:44 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMathieu.job
[2012/02/27 12:08:02 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/02/27 12:08:02 | 000,595,464 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/27 12:08:02 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/02/27 12:08:02 | 000,103,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/26 14:56:36 | 000,219,136 | -H-- | M] () -- C:\Users\Mathieu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 11:48:01 | 000,420,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/25 21:49:54 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/25 16:18:19 | 000,000,903 | ---- | M] () -- C:\Users\Mathieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/23 17:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 17:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 17:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/17 15:49:23 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/17 15:49:22 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/17 15:48:59 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 15:48:59 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 15:48:58 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 15:48:57 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 15:48:57 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 15:48:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 15:48:57 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 15:48:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 15:48:56 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 15:48:56 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 15:48:56 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 15:48:56 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 15:48:56 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 15:48:55 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 15:48:55 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 15:48:55 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 15:48:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 15:48:55 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 15:48:55 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/17 15:48:55 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 15:48:54 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 15:48:54 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 15:48:54 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 15:48:54 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 15:48:53 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 15:48:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 15:48:51 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 15:48:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 15:48:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 15:48:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 15:48:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 15:48:50 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 15:48:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 15:48:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 15:48:50 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 15:48:49 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/17 15:48:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 15:48:49 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/16 20:13:07 | 000,000,399 | ---- | M] () -- C:\Users\Mathieu\Desktop\Justine.lnk
[2012/02/16 19:14:58 | 000,000,239 | ---- | M] () -- C:\user.js
[2012/02/13 19:16:30 | 222,894,679 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/03/03 22:06:09 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/03 15:06:54 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/26 12:56:06 | 000,002,479 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2012/02/25 16:18:19 | 000,000,903 | ---- | C] () -- C:\Users\Mathieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/17 15:48:55 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/16 19:14:57 | 000,000,239 | ---- | C] () -- C:\user.js
[2012/02/03 20:56:18 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\ejhmkp.bat
[2011/12/12 19:26:27 | 000,321,225 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\ejhmkp_nav.dat
[2011/12/12 19:26:27 | 000,004,539 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\ejhmkp_navps.dat
[2011/12/12 19:26:27 | 000,003,519 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\ejhmkp.dat
[2011/04/09 20:05:08 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\dcutdd.bat
[2010/07/04 09:35:33 | 000,047,487 | ---- | C] () -- C:\Windows\System32\agsrzwducwqvqf.exe
[2010/06/25 23:09:35 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/05/22 23:10:04 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\eppbllc.bat
[2010/05/06 12:38:03 | 000,000,092 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\jmhlv.bat
[2010/05/04 22:37:56 | 000,332,502 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\etriawgd_nav.dat
[2010/05/04 22:37:56 | 000,003,625 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\etriawgd_navps.dat
[2010/05/04 22:37:56 | 000,003,233 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\etriawgd.dat
[2010/04/20 11:03:56 | 000,000,090 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\icdxsmh.bat
[2010/04/16 10:08:51 | 000,328,505 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\rnrnrnr_nav.dat
[2010/04/16 10:08:51 | 000,003,416 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\rnrnrnr_navps.dat
[2010/04/16 10:08:51 | 000,003,295 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\rnrnrnr.dat
[2010/04/04 12:05:21 | 000,123,512 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/03/30 13:27:27 | 000,000,092 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\ijldfac.bat
[2010/03/29 22:56:26 | 000,328,438 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\gaabnvh_nav.dat
[2010/03/29 22:56:26 | 000,005,023 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\gaabnvh_navps.dat
[2010/03/29 22:56:26 | 000,003,283 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\gaabnvh.dat

========== LOP Check ==========

[2012/03/03 21:50:59 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Audacity
[2011/08/22 20:22:38 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Babylon
[2011/12/18 22:38:11 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/02/16 20:10:53 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\DMCache
[2010/10/04 17:39:40 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Electronic Arts
[2010/03/26 15:52:54 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\eoRezo
[2009/02/15 15:50:23 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\GetGo Software
[2009/02/16 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\IDM
[2012/02/12 00:28:25 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Iminent
[2009/02/16 10:01:08 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Leadertech
[2008/11/18 13:59:01 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\LG Electronics
[2009/07/27 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Micro Application
[2010/01/18 01:48:52 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\muvee Technologies
[2012/02/11 23:47:38 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\OpenOffice.org
[2008/10/30 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\PeerNetworking
[2009/03/12 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Samsung
[2012/03/13 19:40:15 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Software Informer
[2009/03/03 23:10:57 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Template
[2012/03/13 20:57:03 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000Core.job
[2012/03/13 20:57:06 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000UA.job
[2012/03/13 19:34:39 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby jujucds » March 13th, 2012, 5:05 pm

And finally, the content of the file Extras.Txt :

OTL Extras logfile created on: 13/03/2012 21:26:29 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mathieu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,40% Memory free
4,23 Gb Paging File | 2,79 Gb Available in Paging File | 65,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,62 Gb Total Space | 60,98 Gb Free Space | 44,31% Space Free | Partition Type: NTFS
Drive D: | 11,43 Gb Total Space | 2,37 Gb Free Space | 20,78% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Mathieu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3C5534-268E-4826-AE9C-5F6C24592CAD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{22D2FB40-7A67-4E18-B303-7FFDDACE535F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{35923F49-A09C-40D7-996F-3D420B554D65}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{38BD040E-8887-4CFB-AE2E-304D599B0B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C18E9A0-4E0A-48AE-A6C4-1A1822321E57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43B8FA80-EE6B-431F-967D-2E6802919326}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{43D59E80-A9ED-4C3E-97B5-41AC253DE083}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49B98653-3F91-45CB-AF25-194A694B5BCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49C7BFB2-3D1E-4BBC-B1DC-6A3D94C0C2C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BB1A2EB-7DC6-41D4-84CF-0E90ADD2A76B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4EFDA615-7A61-4862-8B7A-2AB89E5BBD7B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{5A7344BB-00A3-4659-9683-1CD402EE77EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61618BCC-CC5A-48F2-934E-2AB50E936E37}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{662AE78D-7B0A-4D94-8ECE-DFA6D53A9BCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72C34112-CD80-4214-B571-3075AEDD056F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{73D3BF36-039D-45D9-BCB3-FE55248F57E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{765FA003-D92B-4E4F-B078-99E84D6743D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{818034FC-A20B-4C82-A8BB-417518EFD245}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96866597-866C-4144-A34A-4A93C08960DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A17958E5-1A42-403A-817A-79D8032F9B63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AADA8C7D-67B0-405F-BE7D-62B4CA0EBA9B}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B0668573-2977-40C6-AB5B-5FD7A1FF421F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B973048A-2BFC-4C84-8B61-856731110FE4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF97328B-41A3-42BE-B384-E6CD8FB72EC5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C3DCD097-0E22-442D-8658-AA617A8C9B8E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5EA5CA5-9F59-4E3F-B714-0ECA03A05C7A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C8BE1391-BD9C-41A3-94D0-100B28A268EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D516E829-C155-412F-AEEC-D7F8A0DBE5EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DCB22D63-3702-4D22-9F6B-20C64DE77BD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA20DA0C-AF4D-4254-BC0B-306D1D4F07B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEA74A66-9906-4795-9819-41C4E0896CB4}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050D1A61-699F-4EA7-9786-F3DDB0825311}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{0ADB8040-348B-4A43-8A22-310472DDC21B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1096B610-CEE1-4AAC-B519-22025AD96052}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1864A7DE-30DE-490D-A9F0-6DCA18C52FF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1BDC4CEB-B846-46D7-B244-1DDE676F8C24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{21284650-121D-4362-B4AD-80F994E443DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{28A2E4E2-BB8A-4E1F-B406-DABB8F589EA4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F1C6610-110C-4CF6-A984-C6B88F76300E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FAE95BF-0F5D-412D-8BF8-48FA363A1340}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{3325C432-096E-4E35-8A38-5D377AB88029}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF12714-E54F-4273-9ACF-C1A8E53627CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3F1349FB-D5F9-45CF-8719-12F65F5E1D28}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{40FB13DD-8F50-4BD8-9C57-653B21C23D33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{412F5348-560D-4208-B71C-8583F71A7122}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4785E5D1-F63A-417C-BFF8-C29794EF02DF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5156FB41-93DB-413C-A361-BEBFA26412B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52872535-0722-45AB-9BB5-7783489204CD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{577F382E-6126-4CC4-BAAC-F4B2783980D5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{596D874E-05AB-4B40-B7EE-54ED303A7230}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5C53D4B8-6BBD-45C7-A00C-CD71AA774F37}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6798A5A4-37AC-4054-A41B-FAE5717FDC34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EDB4917-D42F-4890-8C39-6246262ACD22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F840158-3159-475B-B404-874A991B4725}" = dir=in | app=c:\users\mathieu\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{72F1FEC3-80F2-403F-8E18-33E929B32574}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79081752-A423-4F0A-8F5C-06B0F3366989}" = dir=in | app=e:\setup\hpznui01.exe |
"{7C6A501C-95E0-41C5-A5C6-8D29D667EDAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D750F7A-D3B0-49F6-A26D-8B6DD42F442C}" = protocol=6 | dir=out | app=system |
"{80569BA4-F57E-4BD6-9015-91ED6FE29C8B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8072C25D-28AD-41C0-A857-FDF2443862AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82E4F81E-4DFE-41FE-B551-0FC3DEC5E050}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{875B1FB5-62D9-4C81-8542-C5E73A6C43DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A5B5AA7-89EA-46FF-81A4-7A8F10A367DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8BD4ADBE-A4B5-4A32-8628-A4CEB1A995AC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9ABD4BBC-76D4-433D-88B8-3A888D0461AA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9B15AC6F-99E2-40AA-A5C2-8EB9B28F440C}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{9DEDBCC2-770C-41F6-99EE-2CB23BD7F7A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F25CFB2-B753-4420-8733-1997F2965884}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A1FC38ED-8BC7-4A9D-92C8-400D4A4E10CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2C38177-A972-423E-A67F-386E4E5964AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B46CB9CA-B356-4391-BA21-B5E2EBAB0318}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B4759EFA-7A4D-4B9C-84E6-BB6292218569}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B4BAE9B3-0C71-4CA1-8691-30C525654284}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{BF55B0A7-D6A3-4660-912C-45FD45A6772D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{BFFCCD4E-E5F9-4968-8651-BCCAFF6DF017}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C2BF4A44-0E62-4854-8EC1-139641C51973}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C65CC062-F944-4D85-A1BE-90D8CDD3FB9A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D245E28B-1768-464D-9CE8-F88163F377A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D3AD474E-BA4A-40FA-8C7E-F6F9285D6AFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{DAEA6853-4527-4995-BFE8-D5A998166B1F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB8A91F0-D224-4FFD-AAAB-B530E664AD7A}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
"{DF25D6AA-F0FD-4F7F-8EA9-86107EBE259C}" = dir=in | app=c:\program files\iminent\iminent.exe |
"{E0C65306-F828-45C1-A7E8-9BBC8FEB9D61}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E63F5E5A-9C4B-4F88-ADDA-931E413843D0}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E761550D-B728-406C-ACFF-59A1624DF92C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EBD3CF65-5FD3-40E7-95D5-FC66E6EA4194}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{EC9CAB91-9BD4-4837-9713-2E3E89205156}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF1A33F5-0FC1-41A2-BDAF-4858861BCB16}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F33C70C9-FDA0-4BAB-9E59-0E2218CF8B0C}" = protocol=58 | dir=in | app=system |
"{F4729CBA-3410-4CFF-9318-221ECD833CB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F543A268-F717-4AC8-B17F-FC2599AAF796}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F9B233F6-63C1-4D16-AB97-1210245B39E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC781B13-C784-4A73-913B-3D628B0054D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{665CA208-76DE-4EB9-BFF1-9FF7C52458EF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{685D0BA9-4605-41E1-8F2C-F7AB11D248B6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{77E392CF-B6E4-4EC9-9F43-CE96E139CF0D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{90279823-9B35-4171-8118-ED0085C796D4}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"TCP Query User{93C1AEEE-7D67-4D4C-9595-4BB4947EC956}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{C82B5513-EF21-488A-B95A-68BBF48605AD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CDB2DF6C-8A0B-45F5-9258-7918297E44AE}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D15989DE-A5BC-4B56-9B4D-4907FABAC6AA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{D47BF627-D8C7-4B40-BFF6-5BFF53348EA4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{0CC2E295-DC19-46A3-8C71-C664A074410F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{3E70ADBE-31D8-4505-95EB-03D5F86AD20F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9169DB86-ECE8-4AD3-AA7D-2BB94B24BD1E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B80A294E-88AC-45AA-BB7D-2B9E0DE8CA32}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{BAFDBE47-ACA0-4B77-AC99-808C444B4BB0}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{BC141682-C89C-4421-A441-DAE6E83F743A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DA8E8E62-D27F-477D-9DB4-1093BAB9DB0E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{E1CAAA6B-B875-448E-AC69-AB895DF50155}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{EE21B8A6-088A-4E79-BFB8-D4EC92C76ADA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{040FF9BD-17BE-427B-85DD-67694FB8F786}" = Badoo Desktop
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39853B6B-FA3D-4040-805D-957CE51C4D0D}" = Code de la Route - Objectif Examen
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BD8E034-E0F4-4509-A753-467A8E854CD8}" = Iminent
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7421E270-0140-4F62-AE39-ECB9F1C81B35}" = SAGEM Wi-Fi 11g USB adapter (pilote)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0015-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.SingleImage_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.SingleImage_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-002C-040C-0000-0000000FF1CE}_Office14.SingleImage_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-0044-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-006E-040C-0000-0000000FF1CE}_Office14.SingleImage_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90140000-00BA-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952DEE45-7C0B-4CDF-80B3-D14BE6B02678}" = MSN Polygamy 8.1
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.4 - Français
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C861504E-2F57-4F95-AB0A-C7C7D8E46A4E}" = Windows Live Family Safety
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D416E000-D999-470A-BCAC-98E717CC1AFC}" = VirginMega.Fr Premium
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2AA331E-E10E-438C-B1C0-24B2FFD3D9C4}" = SAGEM Wi-Fi 11g USB adapter (pilote)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"74b95b8f" = Contextual Tool Lightspeedincome
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BrowserCompanion" = BrowserCompanion
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DealPly" = DealPly
"EoRezo_is1" = EoRezo 10.3
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IMBoosterARP" = Iminent
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"king.com" = king.com (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.2 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"ljvtyv" = Favorit
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 10.0.2 (x86 fr)" = Mozilla Firefox 10.0.2 (x86 fr)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
"Office14.SingleImage" = Microsoft Office Famille et Petite Entreprise 2010
"PhotoFiltre" = PhotoFiltre
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdate_is1" = SoftwareUpdate 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18
"FoxTab Video Converter" = FoxTab Video Converter
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/03/2012 14:54:21 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2449

Error - 13/03/2012 14:54:23 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/03/2012 14:54:23 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3604

Error - 13/03/2012 14:54:23 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3604

Error - 13/03/2012 15:56:55 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/03/2012 15:56:55 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3756114

Error - 13/03/2012 15:56:55 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3756114

Error - 13/03/2012 15:56:56 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/03/2012 15:56:56 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3757300

Error - 13/03/2012 15:56:56 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3757300

[ System Events ]
Error - 12/03/2012 18:51:34 | Computer Name = PC | Source = iaStor | ID = 262153
Description = Le périphérique \Device\Ide\iaStor0 n'a pas répondu dans le délai
imparti.

Error - 13/03/2012 12:23:19 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13/03/2012 12:26:10 | Computer Name = PC | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.

Error - 13/03/2012 12:26:33 | Computer Name = PC | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.

Error - 13/03/2012 12:30:24 | Computer Name = PC | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.

Error - 13/03/2012 14:37:30 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13/03/2012 14:37:44 | Computer Name = PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13/03/2012 14:37:44 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description =

Error - 13/03/2012 14:52:54 | Computer Name = PC | Source = ipnathlp | ID = 31004
Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
de mémoire a rencontré une erreur interne.

Error - 13/03/2012 15:59:01 | Computer Name = PC | Source = BROWSER | ID = 8032
Description =


< End of report >


Thanks for your help,
Best regards.
jujucds
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby askey127 » March 13th, 2012, 6:48 pm

jujucds,
You do not seem to have a rootkit infection. That's good!
It appears that at one time you had Ares on here.
That will get your machine infected...fast.
It also appears you may have had some pieces of iLivid or Searchqu toolbars as well. We will see.
Do not allow the iLivid toolbar to download onto your machine. There are other downloaders for YouTube.

Is it important for you to keep Iminent, even if it restricts your searches and tracks your behavior?

Don't allow anything except Microsoft and your Internet provider into the Trusted Range of Internet Explorer.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
    IE - HKLM\..\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}: "URL" = http://fr.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partner
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{A66091A8-1C1F-43E6-AAB4-E81144499536}: "URL" = http://slirsredirect.search.aol.com/sli ... 156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
    O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: mappy.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: voila.fr ([rw.search.ke] http in Trusted sites)
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby jujucds » March 17th, 2012, 5:48 pm

Hello,
It's not important for me to keep Iminent.
I have followed your instructions but when running OTL to correct the problems, the program OTL executed most instructions lines but the last 2 lines. The computer got frozen at this time and it was necessary to reboot it. I didn't execute the next instructions.
What should I do?
Thanhs for you help,
Jujucds.
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby askey127 » March 17th, 2012, 6:58 pm

You should run the SystemLook set of instructions and post the results, anyway.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby jujucds » March 18th, 2012, 2:46 pm

Hello,

As OTL gets frozen each time it try to run it, I have no log of the Quick Scan that I could send you.
I have runed the SystemLook program and I send you below the content of the file SystemLook.txt :

SystemLook 30.07.11 by jpshortstuff
Log created at 19:02 on 18/03/2012 by Mathieu
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\HP Guide\Menu]
"2"="DESKBAND|Comparatif d'achats|http://fr.kelkoopartners.net/ctl/do/search?fromform=true&x=true&y=true&partner=hp&partnerId=96914496&siteSearchQuery=||null|6|0|0"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}]
"URL"="http://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\HP Guide\Menu]
"2"="DESKBAND|Comparatif d'achats|http://fr.kelkoopartners.net/ctl/do/search?fromform=true&x=true&y=true&partner=hp&partnerId=96914496&siteSearchQuery=||null|6|0|0"
[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\Microsoft\Internet Explorer\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}]
"URL"="http://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
[HKEY_CURRENT_USER\Software\HP Guide\Menu]
"2"="DESKBAND|Comparatif d'achats|http://fr.kelkoopartners.net/ctl/do/search?fromform=true&x=true&y=true&partner=hp&partnerId=96914496&siteSearchQuery=||null|6|0|0"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}]
"URL"="http://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932"
[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\HP Guide\Menu]
"2"="DESKBAND|Comparatif d'achats|http://fr.kelkoopartners.net/ctl/do/search?fromform=true&x=true&y=true&partner=hp&partnerId=96914496&siteSearchQuery=||null|6|0|0"
[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\Microsoft\Internet Explorer\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}]
"URL"="http://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

Best regards,
jujucds.
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby askey127 » March 18th, 2012, 4:13 pm

jujucds,


----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Reg
    [=HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}]
    [-HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\Microsoft\Internet Explorer\SearchScopes\{68096A91-52BF-47E2-99D5-E102F1A93F7A}]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\Software\Trolltech]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button.
    See if it will run.
    If so, Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer infected with virus "Gendarmerie nationale"

Unread postby askey127 » March 22nd, 2012, 6:00 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware