
computer infected with "virus gendarmerie" bis


Post by jujucds » March 31st, 2012, 9:40 am

Hello,
I have already created a topic to solve my problem with a virus, but it was interrupted because I took too long to answer.
Below are the details of my problem.
I recently bought a second-hand computer with no antivirus installed. I was browsing the Internet when an ad popup infected my computer with a virus called « Gendarmerie nationale ». This virus blocked my computer, and I succeeded in unlocking it by following a procedure found on the Internet. After that, I installed the Avast antivirus and ran a scan of my computer. Viruses were detected, some of which couldn't be removed. I tried to go back to a previous System Restore Point and ran another virus scan, but the viruses were still present. I ran several scans and tried to remove the infected files, but the viruses are still present. Can you please help me?
Best regards.


Below are the contents of the file DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mathieu at 15:33:20 on 2012-03-31
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.874 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page =
mDefault_Page_URL =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\orangehss\searchurlhook\SearchPageURL.dll
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [fsm]
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [SpiderMessenger]
uRun: [Facebook Update] "c:\users\mathieu\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ejhmkp] "c:\users\mathieu\appdata\local\ejhmkp.exe" ejhmkp
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ORAHSSSessionManager] "c:\program files\orangehss\sessionmanager\SessionManager.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=ibgfbdggapddbjjbopabhlhianklajie
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\mathieu\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Envoyer à OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.2
TCP: Interfaces\{3208D13B-5BCF-4D1D-8FC5-55283BDB8971} : DhcpNameServer = 192.168.1.2
TCP: Interfaces\{4FAE890B-A261-409B-895A-C5D16C407E3E} : DhcpNameServer = 172.20.2.39 172.20.2.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mathieu\appdata\roaming\mozilla\firefox\profiles\t0np4bv7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\mathieu\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\mathieu\appdata\roaming\electronic arts\game face\1.0.0.18\npGameFacePlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.hardId - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:14:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-3 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-3 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-3 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-3 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-3 44768]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca87f39cf38848;Service Google Update (gupdate1ca87f39cf38848);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-12-19 28224]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-11 17:10:41 607260 ------r- C:\dds.scr
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-25 20:49:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-11 22:33:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 15:54:08 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-01-09 13:58:29 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 15:34:22,45 ===============


And then the contents of the file Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/07/2008 01:52:53
System Uptime: 31/03/2012 14:25:51 (1 hours ago)
.
Motherboard: Quanta | | 30D2
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | U2E1 | 1867/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 63,384 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 2,375 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.4 - Français
Adobe Shockwave Player
Adobe Shockwave Player 11
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
Babylon toolbar on IE
Badoo Desktop
Bing Bar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BrowserCompanion
BufferChm
Code de la Route - Objectif Examen
Complément Messenger
Contextual Tool Lightspeedincome
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Copy
CyberLink YouCam
D3DX10
DealPly
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
DVD Suite
EA SPORTS Game Face Browser Plugin 1.0.0.18
EoRezo 10.3
F4500
Facebook Video Calling 1.2.0.159
Favorit
FIFA 09
FoxTab Video Converter
Galerie de photos Windows Live
GeoGebra
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iCloud
Intel® Matrix Storage Manager
iTunes
Junk Mail filter update
K-Lite Codec Pack 4.4.2 (Full)
king.com (remove only)
LabelPrint
LAME v3.99.3 (for Windows)
LightScribe System Software 1.10.13.1
MarketResearch
Mesh Runtime
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Famille et Petite Entreprise 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Professional Plus 2010
Microsoft Office Professionnel Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (French) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MobileMe Control Panel
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Motorola SM56 Data Fax Modem
Mozilla Firefox 11.0 (x86 fr)
MSN Polygamy 8.1
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Network
Norton Security Scan
NVIDIA Drivers
OpenOffice.org 3.3
Orange - Logiciels Internet
PhotoFiltre
Power2Go
PowerDirector
PVSonyDll
QuickPlay SlingPlayer 0.4.6
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
SAGEM Wi-Fi 11g USB adapter (pilote)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Segoe UI
Shop for HP Supplies
Skype web features
SmartWebPrinting
Software Informer 1.0 BETA
SoftwareUpdate 1.0
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Viewpoint Media Player
VirginMega.Fr Premium
VLC media player 1.1.11
WebReg
Windows Live
Windows Live Communications Platform
Windows Live Family Safety
Windows Live FolderShare
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
Zylom Games Player Plugin
.
==== End Of File ===========================


Thank you for your help,
jujucds

jujucds
Regular Member
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: computer infected with "virus gendarmerie" bis

Post by Gary R » April 3rd, 2012, 7:01 am

Looking over your logs, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: computer infected with "virus gendarmerie" bis

Post by Gary R » April 3rd, 2012, 7:11 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed. As you previously failed to respond in an earlier topic, if I have to close this one for the same reason, you will not be allowed to open another help topic here.


Hi jujucds

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: computer infected with "virus gendarmerie" bis

Unread postby jujucds » April 3rd, 2012, 4:38 pm

Hello,
Below is the result of the scan by ComboFix:

ComboFix 12-04-03.02 - Mathieu 03/04/2012 22:03:10.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.910 [GMT 2:00]
Lancé depuis: C:\Users\Mathieu\Desktop\Combofix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Eorezo
C:\Program Files\Eorezo\confmedia.cyp
C:\Program Files\Eorezo\unins000.dat
C:\Program Files\Eorezo\unins000.exe
C:\Users\Mathieu\AppData\Local\cbrpx.dat
C:\Users\Mathieu\AppData\Local\cbrpx_nav.dat
C:\Users\Mathieu\AppData\Local\cbrpx_navps.dat
C:\Users\Mathieu\AppData\Local\ejhmkp.dat
C:\Users\Mathieu\AppData\Local\ejhmkp_nav.dat
C:\Users\Mathieu\AppData\Local\ejhmkp_navps.dat
C:\Users\Mathieu\AppData\Local\etriawgd.dat
C:\Users\Mathieu\AppData\Local\etriawgd_nav.dat
C:\Users\Mathieu\AppData\Local\etriawgd_navps.dat
C:\Users\Mathieu\AppData\Local\gaabnvh.dat
C:\Users\Mathieu\AppData\Local\gaabnvh_nav.dat
C:\Users\Mathieu\AppData\Local\gaabnvh_navps.dat
C:\Users\Mathieu\AppData\Local\rnrnrnr.dat
C:\Users\Mathieu\AppData\Local\rnrnrnr_nav.dat
C:\Users\Mathieu\AppData\Local\rnrnrnr_navps.dat
C:\Users\Mathieu\AppData\Roaming\eoRezo
C:\Users\Mathieu\AppData\Roaming\eoRezo\install.exe
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\help_config.cyp
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.dat
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\user_config.cyp
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\user_profil.cyp
C:\Windows\system32\KBL.LOG


((((((((((((((((((((((((((((( Fichiers créés du 2012-03-03 au 2012-04-03 ))))))))))))))))))))))))))))))))))))


2012-04-03 20:18:07 . 2012-04-03 20:18:07 -------- d-----w- C:\Users\Invité\AppData\Local\temp
2012-04-03 20:18:07 . 2012-04-03 20:18:07 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-03 16:10:58 . 2012-04-03 16:10:58 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63ADCB21-4805-4EF9-9FA1-636EE34CA16C}\offreg.dll
2012-04-03 16:00:20 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63ADCB21-4805-4EF9-9FA1-636EE34CA16C}\mpengine.dll
2012-03-19 16:00:27 . 2012-03-19 16:00:28 592824 ----a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-19 16:00:27 . 2012-03-19 16:00:27 44472 ----a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-15 20:36:53 . 2012-03-15 20:36:53 -------- d-----w- C:\_OTL
2012-03-14 18:11:53 . 2012-02-02 15:16:25 2044416 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 18:11:52 . 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 18:11:52 . 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 18:11:51 . 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 18:11:51 . 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 18:11:51 . 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-03-14 18:11:49 . 2012-01-31 10:59:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-03-14 18:11:28 . 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\system32\rdpencom.dll
2012-03-14 18:11:27 . 2012-01-09 13:58:29 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-11 17:58:07 . 2012-03-11 17:10:41 607260 ------r- C:\dds.scr
.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-06 23:15:19 . 2012-03-03 21:04:52 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:15:14 . 2012-03-03 21:04:51 201352 ----a-w- C:\Windows\system32\aswBoot.exe
2012-03-06 23:03:51 . 2012-03-03 21:06:03 612184 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-03-06 23:03:38 . 2012-03-03 21:06:08 337880 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-03-06 23:02:00 . 2012-03-03 21:06:04 35672 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-03-06 23:01:53 . 2012-03-03 21:06:04 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-03-06 23:01:48 . 2012-03-03 21:06:01 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01:30 . 2012-03-03 21:06:09 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-25 20:49:54 . 2012-02-25 20:49:54 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36 . 2009-11-08 12:18:19 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-17 14:48:59 . 2012-02-17 14:48:59 161792 ----a-w- C:\Windows\system32\msls31.dll
2012-02-17 14:48:59 . 2012-02-17 14:48:59 1127424 ----a-w- C:\Windows\system32\wininet.dll
2012-02-17 14:48:57 . 2012-02-17 14:48:57 86528 ----a-w- C:\Windows\system32\iesysprep.dll
2012-02-17 14:48:57 . 2012-02-17 14:48:57 76800 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2012-02-17 14:48:57 . 2012-02-17 14:48:57 74752 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2012-02-17 14:48:57 . 2012-02-17 14:48:57 63488 ----a-w- C:\Windows\system32\tdc.ocx
2012-02-17 14:48:57 . 2012-02-17 14:48:57 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2012-02-17 14:48:56 . 2012-02-17 14:48:56 367104 ----a-w- C:\Windows\system32\html.iec
2012-02-17 14:48:55 . 2012-02-17 14:48:55 74752 ----a-w- C:\Windows\system32\iesetup.dll
2012-02-17 14:48:55 . 2012-02-17 14:48:55 1427456 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-02-17 14:48:54 . 2012-02-17 14:48:54 23552 ----a-w- C:\Windows\system32\licmgr10.dll
2012-02-17 14:48:54 . 2012-02-17 14:48:54 152064 ----a-w- C:\Windows\system32\wextract.exe
2012-02-17 14:48:54 . 2012-02-17 14:48:54 150528 ----a-w- C:\Windows\system32\iexpress.exe
2012-02-17 14:48:52 . 2012-02-17 14:48:52 420864 ----a-w- C:\Windows\system32\vbscript.dll
2012-02-17 14:48:51 . 2012-02-17 14:48:51 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-02-17 14:48:51 . 2012-02-17 14:48:51 142848 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-02-17 14:48:51 . 2012-02-17 14:48:51 11776 ----a-w- C:\Windows\system32\mshta.exe
2012-02-17 14:48:51 . 2012-02-17 14:48:51 101888 ----a-w- C:\Windows\system32\admparse.dll
2012-02-17 14:48:50 . 2012-02-17 14:48:50 35840 ----a-w- C:\Windows\system32\imgutil.dll
2012-02-17 14:48:50 . 2012-02-17 14:48:50 1798656 ----a-w- C:\Windows\system32\jscript9.dll
2012-02-17 14:48:49 . 2012-02-17 14:48:49 110592 ----a-w- C:\Windows\system32\IEAdvpack.dll
2012-02-11 22:33:34 . 2010-08-26 20:39:10 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2012-02-10 19:17:15 . 2012-02-03 19:56:18 91 ---ha-w- C:\Users\Mathieu\AppData\Local\ejhmkp.bat
2012-02-03 19:19:29 . 2011-04-09 19:05:08 91 ---ha-w- C:\Users\Mathieu\AppData\Local\dcutdd.bat
2012-03-19 16:00:27 . 2012-02-11 19:56:29 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:24:48 225584 ----a-w- C:\Program Files\BrowserCompanion\jsloader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 16:36:30 455968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"Software Informer"="C:\Program Files\Software Informer\softinfo.exe" [2009-02-12 20:45:42 1716293]
"Facebook Update"="C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 19:11:53 137536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-28 22:48:22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 11:31:22 1033512]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 13:34:18 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 16:59:30 4702208]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 10:02:14 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-19 17:27:50 468264]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 12:31:34 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 11:54:20 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 21:13:28 218408]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 07:03:20 75008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 07:47:52 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 14:53:06 311296]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24:20 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 23:04:34 39792]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2009-03-03 09:02:22 107248]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 23:52:06 59240]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-10-03 09:40:00 13826664]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-06-26 13:31:51 273544]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 22:25:58 59240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 13:28:52 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-01-16 16:22:12 421736]
"Browser companion helper"="C:\Program Files\BrowserCompanion\BCHelper.exe" [2011-11-29 15:50:40 182576]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 13:54:26 91520]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-06 23:15:17 4241512]

C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34:48 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contenu du dossier 'Tâches planifiées'

2012-04-03 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000Core.job
- C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 19:12:00 . 2011-11-06 19:11:53]

2012-04-03 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000UA.job
- C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 19:12:00 . 2011-11-06 19:11:53]

2012-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-28 19:26:08 . 2009-12-28 19:26:00]

2012-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-28 19:26:08 . 2009-12-28 19:26:00]

2012-04-03 C:\Windows\Tasks\HPCeeScheduleForMathieu.job
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-08 01:51:02 . 2007-09-28 10:58:42]

2012-04-01 C:\Windows\Tasks\Norton Security Scan for Mathieu.job
- C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-11-27 17:23:04 . 2011-01-19 17:02:55]


------- Examen supplémentaire -------

uStart Page = hxxp://www.google.fr/
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
TCP: DhcpNameServer = 192.168.1.2
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - C:\Users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\t0np4bv7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.hardId - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:14:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKCU-Run-fsm - (no file)
HKCU-Run-RGSC - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-SpiderMessenger - (no file)
HKCU-Run-ejhmkp - c:\users\mathieu\appdata\local\ejhmkp.exe
AddRemove-74b95b8f - C:\Windows\system32\74b95b8f.exe
AddRemove-EoRezo_is1 - C:\Program Files\EoRezo\unins000.exe
AddRemove-SoftwareUpdate_is1 - C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe

Sincerely yours,
Jujucds
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: computer infected with "virus gendarmerie" bis

Unread postby Gary R » April 3rd, 2012, 6:18 pm

Still work to do .....

First

  • Click Start > Run type Notepad click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

File::
C:\Program Files\BrowserCompanion\jsloader.dll
C:\Program Files\BrowserCompanion\tdataprotocol.dll

DDS::
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
FF - user.js: extensions.BabylonToolbar_i.id - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.hardId - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:14:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

  • Click Format and ensure Wordwrap is unchecked.
  • Save as CFScript.txt to your Desktop.

Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Combofix will now process that file.

When finished, it will produce a log for you. Post that log in your next reply please. (it can also be found at C:\Combofix.txt)

Next

Please download Malwarebytes' Anti-Malware to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Summary of the logs I need from you in your next post:
  • Latest Combofix log
  • Malwarebytes log
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
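The CFScript above is built by reading the "Points de chargement Reg" block of the ComboFix log: the Browser Helper Object under BrowserCompanion, the Run entries with no image file or an image under the user's AppData folder, and the Security Center "DisableMonitoring" override that the script resets to 0. The following is an added triage helper, not ComboFix's own code nor anything from this thread, that applies those same checks to a ComboFix-style log. The sample log is a constructed subset of the lines posted above, and the path heuristics are assumptions (legitimate updaters such as the Facebook updater also run from AppData, so a flag means "review", not "malicious").

```python
"""Triage helper for the registry load-point section of a ComboFix log.

Added example (not ComboFix's code). It walks the REGEDIT4-style block that
ComboFix prints and flags the entries a helper would look at first:
  - Browser Helper Objects and the DLL they load
  - Run entries whose image path is empty
  - Run entries whose image lives under a user profile (AppData)
  - a non-zero Security Center "DisableMonitoring" value
The heuristics are assumptions for illustration, not detection signatures.
"""
import re
from typing import List, Tuple

# Constructed subset of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:24:48 225584 ----a-w- C:\Program Files\BrowserCompanion\jsloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"fsm"="" [BU]
"Facebook Update"="C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 19:11:53 137536]
"ejhmkp"="c:\users\mathieu\appdata\local\ejhmkp.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="C:\path\file.exe" [2009-04-11 06:28:03 1233920]   or   "Name"="" [BU]
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
# File line ComboFix prints under a BHO key: date time size attrs path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
# Heuristic (assumption): an autorun image under a user profile deserves review.
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

Finding = Tuple[str, str]  # (category, detail)


def triage(log_text: str) -> List[Finding]:
    """Return the load-point entries that need a closer look."""
    findings: List[Finding] = []
    key = ""  # registry key currently being read, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if "browser helper objects" in key:
            m = FILE_RE.match(line)
            if m:
                findings.append(("bho", m.group("path")))
            continue
        if key.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if not m:
                continue
            name, path = m.group("name"), m.group("path")
            if not path:
                findings.append(("run-empty-path", name))
            elif USER_PROFILE_RE.search(path):
                findings.append(("run-user-profile", f"{name} -> {path}"))
            continue
        if "security center\\monitoring" in key:
            m = DWORD_RE.match(line)
            if m and m.group("name").lower() == "disablemonitoring" \
                    and int(m.group("hex"), 16) != 0:
                findings.append(("security-center-disabled", key))
    return findings


def report(findings: List[Finding]) -> str:
    """Render findings as one line per item for the helper to read."""
    return "\n".join(f"{cat:26} {detail}" for cat, detail in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Entries that only point at Program Files with a recorded date and size (the Sidebar line) are not flagged; what remains is the short list the CFScript acts on, plus the AppData updaters that a helper confirms by hand.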

Re: computer infected with "virus gendarmerie" bis

Unread postby jujucds » April 4th, 2012, 5:31 pm

Hello,
Please find below the contents of file Combofix.txt

ComboFix 12-04-03.02 - Mathieu 04/04/2012 22:58:32.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1090 [GMT 2:00]
Lancé depuis: C:\Users\Mathieu\Desktop\Combofix\ComboFix.exe
Commutateurs utilisés :: C:\Users\Mathieu\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"C:\Program Files\BrowserCompanion\jsloader.dll"
"C:\Program Files\BrowserCompanion\tdataprotocol.dll"


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\BrowserCompanion\jsloader.dll
C:\Program Files\BrowserCompanion\tdataprotocol.dll
C:\Windows\Instaler Setup Log.txt
C:\Windows\system32\drivers\etc\hosts.ics

---- Exécution préalable -------

C:\Program Files\Eorezo
C:\Program Files\Eorezo\confmedia.cyp
C:\Program Files\Eorezo\unins000.dat
C:\Program Files\Eorezo\unins000.exe
C:\Users\Mathieu\AppData\Local\cbrpx.dat
C:\Users\Mathieu\AppData\Local\cbrpx_nav.dat
C:\Users\Mathieu\AppData\Local\cbrpx_navps.dat
C:\Users\Mathieu\AppData\Local\ejhmkp.dat
C:\Users\Mathieu\AppData\Local\ejhmkp_nav.dat
C:\Users\Mathieu\AppData\Local\ejhmkp_navps.dat
C:\Users\Mathieu\AppData\Local\etriawgd.dat
C:\Users\Mathieu\AppData\Local\etriawgd_nav.dat
C:\Users\Mathieu\AppData\Local\etriawgd_navps.dat
C:\Users\Mathieu\AppData\Local\gaabnvh.dat
C:\Users\Mathieu\AppData\Local\gaabnvh_nav.dat
C:\Users\Mathieu\AppData\Local\gaabnvh_navps.dat
C:\Users\Mathieu\AppData\Local\rnrnrnr.dat
C:\Users\Mathieu\AppData\Local\rnrnrnr_nav.dat
C:\Users\Mathieu\AppData\Local\rnrnrnr_navps.dat
C:\Users\Mathieu\AppData\Roaming\eoRezo
C:\Users\Mathieu\AppData\Roaming\eoRezo\install.exe
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\help_config.cyp
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.dat
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\user_config.cyp
C:\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\user_profil.cyp
C:\Windows\system32\KBL.LOG

Une copie infectée de C:\Windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - C:\ComboFix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe


((((((((((((((((((((((((((((( Fichiers créés du 2012-03-04 au 2012-04-04 ))))))))))))))))))))))))))))))))))))


2012-04-04 21:13:50 . 2012-04-04 21:13:50 -------- d-----w- C:\Users\Invité\AppData\Local\temp
2012-04-04 21:13:50 . 2012-04-04 21:13:50 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-03 16:10:58 . 2012-04-03 16:10:58 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63ADCB21-4805-4EF9-9FA1-636EE34CA16C}\offreg.dll
2012-04-03 16:00:20 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63ADCB21-4805-4EF9-9FA1-636EE34CA16C}\mpengine.dll
2012-03-19 16:00:27 . 2012-03-19 16:00:28 592824 ----a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-19 16:00:27 . 2012-03-19 16:00:27 44472 ----a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-15 20:36:53 . 2012-03-15 20:36:53 -------- d-----w- C:\_OTL
2012-03-14 18:11:53 . 2012-02-02 15:16:25 2044416 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 18:11:52 . 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 18:11:52 . 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 18:11:51 . 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 18:11:51 . 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 18:11:51 . 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-03-14 18:11:49 . 2012-01-31 10:59:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-03-14 18:11:28 . 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\system32\rdpencom.dll
2012-03-14 18:11:27 . 2012-01-09 13:58:29 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-11 17:58:07 . 2012-03-11 17:10:41 607260 ------r- C:\dds.scr
.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-06 23:15:19 . 2012-03-03 21:04:52 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:15:14 . 2012-03-03 21:04:51 201352 ----a-w- C:\Windows\system32\aswBoot.exe
2012-03-06 23:03:51 . 2012-03-03 21:06:03 612184 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-03-06 23:03:38 . 2012-03-03 21:06:08 337880 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-03-06 23:02:00 . 2012-03-03 21:06:04 35672 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-03-06 23:01:53 . 2012-03-03 21:06:04 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-03-06 23:01:48 . 2012-03-03 21:06:01 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01:30 . 2012-03-03 21:06:09 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-25 20:49:54 . 2012-02-25 20:49:54 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36 . 2009-11-08 12:18:19 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-17 14:48:59 . 2012-02-17 14:48:59 161792 ----a-w- C:\Windows\system32\msls31.dll
2012-02-17 14:48:59 . 2012-02-17 14:48:59 1127424 ----a-w- C:\Windows\system32\wininet.dll
2012-02-17 14:48:57 . 2012-02-17 14:48:57 86528 ----a-w- C:\Windows\system32\iesysprep.dll
2012-02-17 14:48:57 . 2012-02-17 14:48:57 76800 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2012-02-17 14:48:57 . 2012-02-17 14:48:57 74752 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2012-02-17 14:48:57 . 2012-02-17 14:48:57 63488 ----a-w- C:\Windows\system32\tdc.ocx
2012-02-17 14:48:57 . 2012-02-17 14:48:57 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2012-02-17 14:48:56 . 2012-02-17 14:48:56 367104 ----a-w- C:\Windows\system32\html.iec
2012-02-17 14:48:55 . 2012-02-17 14:48:55 74752 ----a-w- C:\Windows\system32\iesetup.dll
2012-02-17 14:48:55 . 2012-02-17 14:48:55 1427456 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-02-17 14:48:54 . 2012-02-17 14:48:54 23552 ----a-w- C:\Windows\system32\licmgr10.dll
2012-02-17 14:48:54 . 2012-02-17 14:48:54 152064 ----a-w- C:\Windows\system32\wextract.exe
2012-02-17 14:48:54 . 2012-02-17 14:48:54 150528 ----a-w- C:\Windows\system32\iexpress.exe
2012-02-17 14:48:52 . 2012-02-17 14:48:52 420864 ----a-w- C:\Windows\system32\vbscript.dll
2012-02-17 14:48:51 . 2012-02-17 14:48:51 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-02-17 14:48:51 . 2012-02-17 14:48:51 142848 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-02-17 14:48:51 . 2012-02-17 14:48:51 11776 ----a-w- C:\Windows\system32\mshta.exe
2012-02-17 14:48:51 . 2012-02-17 14:48:51 101888 ----a-w- C:\Windows\system32\admparse.dll
2012-02-17 14:48:50 . 2012-02-17 14:48:50 35840 ----a-w- C:\Windows\system32\imgutil.dll
2012-02-17 14:48:50 . 2012-02-17 14:48:50 1798656 ----a-w- C:\Windows\system32\jscript9.dll
2012-02-17 14:48:49 . 2012-02-17 14:48:49 110592 ----a-w- C:\Windows\system32\IEAdvpack.dll
2012-02-11 22:33:34 . 2010-08-26 20:39:10 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2012-02-10 19:17:15 . 2012-02-03 19:56:18 91 ---ha-w- C:\Users\Mathieu\AppData\Local\ejhmkp.bat
2012-02-03 19:19:29 . 2011-04-09 19:05:08 91 ---ha-w- C:\Users\Mathieu\AppData\Local\dcutdd.bat
2012-03-19 16:00:27 . 2012-02-11 19:56:29 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 16:36:30 455968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"Software Informer"="C:\Program Files\Software Informer\softinfo.exe" [2009-02-12 20:45:42 1716293]
"fsm"="" [BU]
"RGSC"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [BU]
"SpiderMessenger"="" [BU]
"Facebook Update"="C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 19:11:53 137536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-28 22:48:22 39408]
"ejhmkp"="c:\users\mathieu\appdata\local\ejhmkp.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 11:31:22 1033512]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 13:34:18 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 16:59:30 4702208]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 10:02:14 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-19 17:27:50 468264]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 12:31:34 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 11:54:20 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 21:13:28 218408]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 07:03:20 75008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 07:47:52 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 14:53:06 311296]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24:20 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 23:04:34 39792]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2009-03-03 09:02:22 107248]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 23:52:06 59240]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-10-03 09:40:00 13826664]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-06-26 13:31:51 273544]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 22:25:58 59240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 13:28:52 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-01-16 16:22:12 421736]
"Browser companion helper"="C:\Program Files\BrowserCompanion\BCHelper.exe" [2011-11-29 15:50:40 182576]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 13:54:26 91520]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-06 23:15:17 4241512]

C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34:48 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2012-04-04 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000Core.job
- C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 19:12:00 . 2011-11-06 19:11:53]

2012-04-04 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000UA.job
- C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 19:12:00 . 2011-11-06 19:11:53]

2012-04-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-28 19:26:08 . 2009-12-28 19:26:00]

2012-04-04 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-28 19:26:08 . 2009-12-28 19:26:00]

2012-04-03 C:\Windows\Tasks\HPCeeScheduleForMathieu.job
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-08 01:51:02 . 2007-09-28 10:58:42]

2012-04-04 C:\Windows\Tasks\Norton Security Scan for Mathieu.job
- C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-11-27 17:23:04 . 2011-01-19 17:02:55]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.fr/
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
TCP: DhcpNameServer = 192.168.1.2
FF - ProfilePath - C:\Users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\t0np4bv7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.hardId - 400e65310000000000000021003c3e83
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:14:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

- - - - ORPHANS REMOVED - - - -

WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)

Next files are coming.
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am
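As an added example (it is not part of this thread, and not code from DDS, ComboFix or OTL), the Python below performs the triage a helper does by eye on the Reg Loading Points section above. It parses constructed lines written in the shape of the posted log and flags: Run values whose target sits in a user-writable profile directory, values for which the log recorded no size/timestamp (printed as [BU]), values whose name matches a hidden script under AppData (here "ejhmkp" matches the hidden 91-byte ejhmkp.bat in the file listing), and Security Center Monitoring subkeys with DisableMonitoring set. The heuristics, the SAMPLE_LOG text and the triage() function are the editor's own; only the line formats are taken from the log as posted.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the DDS/ComboFix output posted above:
# a file listing, two Run keys and one Security Center Monitoring key.
SAMPLE_LOG = r"""
2012-02-10 19:17:15 . 2012-02-03 19:56:18 91 ---ha-w- C:\Users\Mathieu\AppData\Local\ejhmkp.bat
2012-02-03 19:19:29 . 2011-04-09 19:05:08 91 ---ha-w- C:\Users\Mathieu\AppData\Local\dcutdd.bat
2012-02-17 14:48:55 . 2012-02-17 14:48:55 74752 ----a-w- C:\Windows\system32\iesetup.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"fsm"="" [BU]
"Facebook Update"="C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 19:11:53 137536]
"ejhmkp"="c:\users\mathieu\appdata\local\ejhmkp.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-06 23:15:17 4241512]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# "created . modified size attributes path" as in the file listing
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}   # editor's choice of script types


def triage(log_text):
    """Return review findings for autorun entries and Security Center tampering."""
    hidden_scripts = {}   # lower-cased file stem -> path of a hidden script under AppData
    run_entries = []      # (key, value name, command, metadata) from *\CurrentVersion\Run
    monitoring_off = []   # Security Center Monitoring subkeys with DisableMonitoring=1
    current_key = None

    for line in log_text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            p = PureWindowsPath(path)
            # 'h' in the attribute column is the hidden flag
            if ("h" in m["attrs"] and p.suffix.lower() in SCRIPT_EXTS
                    and "\\appdata\\" in path.lower()):
                hidden_scripts[p.stem.lower()] = path
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        if current_key is None:
            continue
        key_l = current_key.lower()
        m = VALUE_RE.match(line)
        if m and key_l.endswith("\\currentversion\\run"):
            run_entries.append((current_key, m["name"], m["cmd"], m["meta"]))
        elif DISABLE_RE.match(line) and "security center\\monitoring" in key_l:
            monitoring_off.append(current_key)

    findings = []
    for key, name, cmd, meta in run_entries:
        reasons = []
        if "\\appdata\\" in cmd.lower():
            reasons.append("target lives in a user-writable profile directory")
        if meta.strip() == "BU":
            reasons.append("log records no size/timestamp for the target ([BU])")
        stem = PureWindowsPath(cmd).stem.lower() if cmd else ""
        match = hidden_scripts.get(stem) or hidden_scripts.get(name.lower())
        if match:
            reasons.append(f"value name matches hidden script {match}")
        if reasons:
            findings.append({"kind": "autorun", "key": key, "name": name,
                             "cmd": cmd, "reasons": reasons})
    for key in monitoring_off:
        findings.append({"kind": "security_center", "key": key, "name": None, "cmd": None,
                         "reasons": ["Security Center monitoring disabled for this product"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:16} {f['name'] or f['key']}")
        for r in f["reasons"]:
            print("    -", r)
```

Each hit is a lead for review, not a verdict: the sample deliberately keeps "Facebook Update", a legitimate per-user updater that trips the AppData heuristic on its own, while "ejhmkp" collects all three autorun reasons, which is the combination a helper would script for removal.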

Re: computer infected with "virus gendarmerie" bis

Unread postby jujucds » April 5th, 2012, 4:16 pm

Hello,

I apologize for being late.
You ask how my computer is behaving now. During the infection, the computer was slow, but it is hard to determine whether now it is faster or not... I guess this will appear in the next few days. Another point: in my personal folder, a series of files appeared during the infection and are still present, with names like "ntuser.dat{80c78019-3cf5-11df-8bd4-001e68b05da3}.TM"
Below is file Malwarebytes.log
Best regards,
Jujucds

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mathieu :: PC [administrator]

05/04/2012 21:12:37
mbam-log-2012-04-05 (21-12-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226931
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\Mathieu\Local Settings\Application Data\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Users\Mathieu\Local Settings\Application Data\EoRezo\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Users\Mathieu\Local Settings\Application Data\EoRezo\EoRezo\EoStats (Adware.EoRezo) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Mathieu\Local Settings\Application Data\EoRezo\EoRezo\confmedia.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Users\Mathieu\Local Settings\Application Data\EoRezo\EoRezo\eorezo_confMedia.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Users\Mathieu\Local Settings\Application Data\EoRezo\EoRezo\user.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Users\Mathieu\Local Settings\Application Data\EoRezo\EoRezo\user_profil.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Users\Mathieu\Local Settings\Application Data\EoRezo\EoRezo\EoStats\eoStats.txt (Adware.EoRezo) -> Quarantined and deleted successfully.

(end)
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: computer infected with "virus gendarmerie" bis

Unread postby Gary R » April 5th, 2012, 4:37 pm

There were a number of things not removed by Combofix that I had scripted for removal, so I'd like to use a different tool to remove them. This will require you to run another scan for me first.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

I'd also like you to run a general purpose online anti-virus scan please. This scan usually takes a few hours to run, but it is very thorough.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: computer infected with "virus gendarmerie" bis

Unread postby jujucds » April 6th, 2012, 4:07 pm

Hello,

Please find below OTL.txt and Extras.txt

OTL logfile created on: 06/04/2012 21:51:41 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mathieu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,35% Memory free
4,23 Gb Paging File | 2,98 Gb Available in Paging File | 70,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,62 Gb Total Space | 64,03 Gb Free Space | 46,53% Space Free | Partition Type: NTFS
Drive D: | 11,43 Gb Total Space | 2,38 Gb Free Space | 20,81% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Mathieu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 21:40:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mathieu\Downloads\OTL.exe
PRC - [2012/03/19 18:00:27 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/29 17:50:40 | 000,182,576 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files\BrowserCompanion\BCHelper.exe
PRC - [2011/06/26 15:31:51 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 20:09:00 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:09:00 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/03 11:02:24 | 000,135,168 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
PRC - [2009/03/03 11:02:06 | 000,602,864 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Launcher\Launcher.exe
PRC - [2009/03/03 11:02:04 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/03/03 11:02:04 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
PRC - [2009/03/03 11:01:52 | 000,028,672 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
PRC - [2009/03/03 11:01:50 | 000,364,544 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
PRC - [2009/03/03 11:01:48 | 000,712,704 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
PRC - [2009/03/03 11:01:42 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2009/02/12 22:45:42 | 001,716,293 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2007/10/24 12:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 12:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/10/09 18:59:30 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/17 15:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/19 18:00:27 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/25 22:49:54 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/12 00:37:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/08/07 13:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files\BrowserCompanion\sqlite3.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/03/03 11:02:22 | 000,077,824 | ---- | M] () -- C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
MOD - [2009/03/03 11:02:14 | 000,589,824 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\Plugins\PluginLnhPromptManager2.dll
MOD - [2009/03/03 11:02:12 | 000,237,568 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\Plugins\PluginLnhRecovery.dll
MOD - [2009/02/03 17:08:00 | 000,032,768 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\WatchClient.dll
MOD - [2007/12/19 19:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 19:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 19:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 19:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 16:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/03/03 11:02:04 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/24 12:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mathieu\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/03 17:07:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/02/03 17:07:40 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2007/09/18 01:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 15:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=400e65310000000000000021003c3e83&tt=090212_ctrl
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_fr
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{8978B5AF-2901-4B25-AF91-726C4CE68302}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{A66091A8-1C1F-43E6-AAB4-E81144499536}: "URL" = http://slirsredirect.search.aol.com/sli ... 156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mathieu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mathieu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Mathieu\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/06 00:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/03 22:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/25 20:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 18:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/12 00:33:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/06 00:46:57 | 000,000,000 | ---D | M]

[2012/02/11 21:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Extensions
[2012/02/16 20:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions
[2012/02/12 01:28:05 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/02/16 20:57:17 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/02/16 20:15:09 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\bbrs_002@blabbers.com
[2012/02/16 20:14:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\ffxtlbr@babylon.com
[2012/03/19 19:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\MATHIEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T0NP4BV7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/19 18:00:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/12 00:33:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/08 19:58:02 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/02/16 20:14:50 | 000,002,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/08 19:46:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 19:58:02 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/08 19:58:02 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/02/08 19:58:02 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/08 19:58:02 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mathieu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Mathieu\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: DealPly = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Browser Companion Helper = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\
CHR - Extension: avast! WebRep = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2012/04/04 23:16:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O3 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [ejhmkp] "c:\users\mathieu\appdata\local\ejhmkp.exe" ejhmkp File not found
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [Facebook Update] C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2004331368-872200146-798892892-1000..\Run: [SpiderMessenger] File not found
O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\Program Files\AOL\AOL Toolbar 5.0\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: mappy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: orange.fr ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: voila.fr ([rw.search.ke] http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
O15 - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3208D13B-5BCF-4D1D-8FC5-55283BDB8971}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAE890B-A261-409B-895A-C5D16C407E3E}: DhcpNameServer = 172.20.2.39 172.20.2.10
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/08 04:32:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\AppData\Roaming\Malwarebytes
[2012/04/04 23:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/04 23:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/04 23:39:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/04 23:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/04 23:35:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mathieu\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/04 23:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/04 22:56:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/03 22:00:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/03 22:00:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/03 22:00:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/03 21:59:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/03 21:59:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/03 21:50:13 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\Desktop\Combofix
[2012/03/15 22:36:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/14 20:11:53 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 20:11:52 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 20:11:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 20:11:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 20:11:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 20:11:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 20:11:28 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/13 20:41:27 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mathieu\Desktop\tdsskiller.exe
[2012/03/11 19:58:07 | 000,607,260 | R--- | C] (Swearware) -- C:\dds.scr
[2012/03/11 19:10:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mathieu\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/04/06 21:53:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/06 21:53:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/06 21:31:03 | 000,001,103 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/06 21:30:04 | 000,202,208 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/04/06 21:28:49 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/04/06 21:28:42 | 000,202,208 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/04/06 21:28:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 21:28:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 21:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/06 21:28:08 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 18:47:39 | 000,195,408 | ---- | M] () -- C:\Users\Mathieu\Oral exposé orientation.odt
[2012/04/06 18:17:10 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Mathieu.job
[2012/04/06 17:17:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000UA.job
[2012/04/06 16:47:47 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/04/06 16:47:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/06 16:47:47 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/04/06 16:47:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/05 22:03:41 | 000,008,360 | ---- | M] () -- C:\Users\Mathieu\Sans nom 1.odt
[2012/04/04 23:39:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 23:35:59 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mathieu\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/04 23:16:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/04 20:17:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000Core.job
[2012/04/03 17:42:26 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMathieu.job
[2012/04/01 14:14:28 | 316,095,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/25 20:05:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/19 19:18:59 | 000,000,918 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/03/18 20:01:39 | 000,139,264 | ---- | M] () -- C:\Users\Mathieu\Desktop\SystemLook.exe
[2012/03/15 20:52:49 | 000,420,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/13 20:41:45 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mathieu\Desktop\tdsskiller.exe
[2012/03/11 19:10:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mathieu\Desktop\dds.scr
[2012/03/11 19:10:41 | 000,607,260 | R--- | M] (Swearware) -- C:\dds.scr

========== Files Created - No Company Name ==========

[2012/04/06 16:58:54 | 000,195,408 | ---- | C] () -- C:\Users\Mathieu\Oral exposé orientation.odt
[2012/04/05 22:03:38 | 000,008,360 | ---- | C] () -- C:\Users\Mathieu\Sans nom 1.odt
[2012/04/04 23:39:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/03 22:00:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/03 22:00:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/03 22:00:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/03 22:00:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/03 22:00:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 19:10:53 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMathieu.job
[2012/03/18 20:01:35 | 000,139,264 | ---- | C] () -- C:\Users\Mathieu\Desktop\SystemLook.exe
[2012/02/03 21:56:18 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\ejhmkp.bat
[2011/04/09 21:05:08 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\dcutdd.bat
[2010/07/04 10:35:33 | 000,047,487 | ---- | C] () -- C:\Windows\System32\agsrzwducwqvqf.exe
[2010/06/26 00:09:35 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/05/23 00:10:04 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\eppbllc.bat
[2010/05/06 13:38:03 | 000,000,092 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\jmhlv.bat
[2010/04/20 12:03:56 | 000,000,090 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\icdxsmh.bat

========== LOP Check ==========

[2012/03/03 22:50:59 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Audacity
[2011/08/22 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Babylon
[2011/12/18 23:38:11 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/02/16 21:10:53 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\DMCache
[2010/10/04 18:39:40 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Electronic Arts
[2009/02/15 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\GetGo Software
[2009/02/16 22:20:44 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\IDM
[2009/02/16 11:01:08 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Leadertech
[2008/11/18 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\LG Electronics
[2009/07/27 17:53:08 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Micro Application
[2010/01/18 02:48:52 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\muvee Technologies
[2012/02/12 00:47:38 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\OpenOffice.org
[2008/10/30 21:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\PeerNetworking
[2009/03/12 21:30:30 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Samsung
[2012/04/06 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Software Informer
[2009/03/04 00:10:57 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Template
[2012/04/04 20:17:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000Core.job
[2012/04/06 17:17:05 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000UA.job
[2012/04/05 22:18:25 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: computer infected with "virus gendarmerie" bis

Unread postby Gary R » April 6th, 2012, 4:37 pm

You only posted the OTL.txt log. Please post the Extras.txt log, and when you have run it, please post the E-Set log.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: computer infected with "virus gendarmerie" bis

Unread postby jujucds » April 6th, 2012, 5:36 pm

Hello,

Below are the contents of file Extras.txt. I thought I had already sent it to you, sorry about that.
In order to run ESET Online Scanner, I have disabled my antivirus software, i.e. Avast. Then, when running ESET Online Scanner, I got the message: another antivirus software was detected. This may affect the performance and quality of the scan. Should I disable this antivirus (unknown to me...) before scanning and, if so, could you indicate how to do that?
Thank you in advance,
Jujucds

OTL Extras logfile created on: 06/04/2012 21:51:41 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mathieu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,35% Memory free
4,23 Gb Paging File | 2,98 Gb Available in Paging File | 70,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,62 Gb Total Space | 64,03 Gb Free Space | 46,53% Space Free | Partition Type: NTFS
Drive D: | 11,43 Gb Total Space | 2,38 Gb Free Space | 20,81% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Mathieu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3C5534-268E-4826-AE9C-5F6C24592CAD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{22D2FB40-7A67-4E18-B303-7FFDDACE535F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{35923F49-A09C-40D7-996F-3D420B554D65}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{38BD040E-8887-4CFB-AE2E-304D599B0B0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C18E9A0-4E0A-48AE-A6C4-1A1822321E57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43B8FA80-EE6B-431F-967D-2E6802919326}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{43D59E80-A9ED-4C3E-97B5-41AC253DE083}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49B98653-3F91-45CB-AF25-194A694B5BCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49C7BFB2-3D1E-4BBC-B1DC-6A3D94C0C2C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BB1A2EB-7DC6-41D4-84CF-0E90ADD2A76B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4EFDA615-7A61-4862-8B7A-2AB89E5BBD7B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{5A7344BB-00A3-4659-9683-1CD402EE77EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61618BCC-CC5A-48F2-934E-2AB50E936E37}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{662AE78D-7B0A-4D94-8ECE-DFA6D53A9BCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72C34112-CD80-4214-B571-3075AEDD056F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{73D3BF36-039D-45D9-BCB3-FE55248F57E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{765FA003-D92B-4E4F-B078-99E84D6743D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{818034FC-A20B-4C82-A8BB-417518EFD245}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96866597-866C-4144-A34A-4A93C08960DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A17958E5-1A42-403A-817A-79D8032F9B63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AADA8C7D-67B0-405F-BE7D-62B4CA0EBA9B}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B0668573-2977-40C6-AB5B-5FD7A1FF421F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B973048A-2BFC-4C84-8B61-856731110FE4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF97328B-41A3-42BE-B384-E6CD8FB72EC5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C3DCD097-0E22-442D-8658-AA617A8C9B8E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5EA5CA5-9F59-4E3F-B714-0ECA03A05C7A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C8BE1391-BD9C-41A3-94D0-100B28A268EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D516E829-C155-412F-AEEC-D7F8A0DBE5EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DCB22D63-3702-4D22-9F6B-20C64DE77BD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA20DA0C-AF4D-4254-BC0B-306D1D4F07B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEA74A66-9906-4795-9819-41C4E0896CB4}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050D1A61-699F-4EA7-9786-F3DDB0825311}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{0ADB8040-348B-4A43-8A22-310472DDC21B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1096B610-CEE1-4AAC-B519-22025AD96052}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1864A7DE-30DE-490D-A9F0-6DCA18C52FF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1BDC4CEB-B846-46D7-B244-1DDE676F8C24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{21284650-121D-4362-B4AD-80F994E443DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{28A2E4E2-BB8A-4E1F-B406-DABB8F589EA4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F1C6610-110C-4CF6-A984-C6B88F76300E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FAE95BF-0F5D-412D-8BF8-48FA363A1340}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{3325C432-096E-4E35-8A38-5D377AB88029}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF12714-E54F-4273-9ACF-C1A8E53627CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3F1349FB-D5F9-45CF-8719-12F65F5E1D28}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{40FB13DD-8F50-4BD8-9C57-653B21C23D33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{412F5348-560D-4208-B71C-8583F71A7122}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4785E5D1-F63A-417C-BFF8-C29794EF02DF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5156FB41-93DB-413C-A361-BEBFA26412B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52872535-0722-45AB-9BB5-7783489204CD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{577F382E-6126-4CC4-BAAC-F4B2783980D5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{596D874E-05AB-4B40-B7EE-54ED303A7230}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5C53D4B8-6BBD-45C7-A00C-CD71AA774F37}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6798A5A4-37AC-4054-A41B-FAE5717FDC34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EDB4917-D42F-4890-8C39-6246262ACD22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72F1FEC3-80F2-403F-8E18-33E929B32574}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79081752-A423-4F0A-8F5C-06B0F3366989}" = dir=in | app=e:\setup\hpznui01.exe |
"{7C6A501C-95E0-41C5-A5C6-8D29D667EDAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D750F7A-D3B0-49F6-A26D-8B6DD42F442C}" = protocol=6 | dir=out | app=system |
"{80569BA4-F57E-4BD6-9015-91ED6FE29C8B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8072C25D-28AD-41C0-A857-FDF2443862AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82E4F81E-4DFE-41FE-B551-0FC3DEC5E050}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{875B1FB5-62D9-4C81-8542-C5E73A6C43DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A5B5AA7-89EA-46FF-81A4-7A8F10A367DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8BD4ADBE-A4B5-4A32-8628-A4CEB1A995AC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9ABD4BBC-76D4-433D-88B8-3A888D0461AA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9B15AC6F-99E2-40AA-A5C2-8EB9B28F440C}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{9DEDBCC2-770C-41F6-99EE-2CB23BD7F7A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F25CFB2-B753-4420-8733-1997F2965884}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A1FC38ED-8BC7-4A9D-92C8-400D4A4E10CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A842A99A-3E19-4010-84C1-1300211E9689}" = dir=in | app=c:\users\mathieu\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{B2C38177-A972-423E-A67F-386E4E5964AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B46CB9CA-B356-4391-BA21-B5E2EBAB0318}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B4759EFA-7A4D-4B9C-84E6-BB6292218569}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B4BAE9B3-0C71-4CA1-8691-30C525654284}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{BF55B0A7-D6A3-4660-912C-45FD45A6772D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{BFFCCD4E-E5F9-4968-8651-BCCAFF6DF017}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C2BF4A44-0E62-4854-8EC1-139641C51973}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C65CC062-F944-4D85-A1BE-90D8CDD3FB9A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D245E28B-1768-464D-9CE8-F88163F377A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D3AD474E-BA4A-40FA-8C7E-F6F9285D6AFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{DAEA6853-4527-4995-BFE8-D5A998166B1F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0C65306-F828-45C1-A7E8-9BBC8FEB9D61}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E63F5E5A-9C4B-4F88-ADDA-931E413843D0}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E761550D-B728-406C-ACFF-59A1624DF92C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EBD3CF65-5FD3-40E7-95D5-FC66E6EA4194}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{EC9CAB91-9BD4-4837-9713-2E3E89205156}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF1A33F5-0FC1-41A2-BDAF-4858861BCB16}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F33C70C9-FDA0-4BAB-9E59-0E2218CF8B0C}" = protocol=58 | dir=in | app=system |
"{F4729CBA-3410-4CFF-9318-221ECD833CB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F543A268-F717-4AC8-B17F-FC2599AAF796}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F9B233F6-63C1-4D16-AB97-1210245B39E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC781B13-C784-4A73-913B-3D628B0054D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{665CA208-76DE-4EB9-BFF1-9FF7C52458EF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{685D0BA9-4605-41E1-8F2C-F7AB11D248B6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{77E392CF-B6E4-4EC9-9F43-CE96E139CF0D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{90279823-9B35-4171-8118-ED0085C796D4}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"TCP Query User{93C1AEEE-7D67-4D4C-9595-4BB4947EC956}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{C82B5513-EF21-488A-B95A-68BBF48605AD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CDB2DF6C-8A0B-45F5-9258-7918297E44AE}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D15989DE-A5BC-4B56-9B4D-4907FABAC6AA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{D47BF627-D8C7-4B40-BFF6-5BFF53348EA4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{0CC2E295-DC19-46A3-8C71-C664A074410F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{3E70ADBE-31D8-4505-95EB-03D5F86AD20F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9169DB86-ECE8-4AD3-AA7D-2BB94B24BD1E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B80A294E-88AC-45AA-BB7D-2B9E0DE8CA32}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{BAFDBE47-ACA0-4B77-AC99-808C444B4BB0}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{BC141682-C89C-4421-A441-DAE6E83F743A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DA8E8E62-D27F-477D-9DB4-1093BAB9DB0E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{E1CAAA6B-B875-448E-AC69-AB895DF50155}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{EE21B8A6-088A-4E79-BFB8-D4EC92C76ADA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{040FF9BD-17BE-427B-85DD-67694FB8F786}" = Badoo Desktop
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39853B6B-FA3D-4040-805D-957CE51C4D0D}" = Code de la Route - Objectif Examen
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7421E270-0140-4F62-AE39-ECB9F1C81B35}" = SAGEM Wi-Fi 11g USB adapter (pilote)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0015-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.SingleImage_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.SingleImage_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-002C-040C-0000-0000000FF1CE}_Office14.SingleImage_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-0044-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-006E-040C-0000-0000000FF1CE}_Office14.SingleImage_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90140000-00BA-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952DEE45-7C0B-4CDF-80B3-D14BE6B02678}" = MSN Polygamy 8.1
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.4 - Français
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C861504E-2F57-4F95-AB0A-C7C7D8E46A4E}" = Windows Live Family Safety
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D416E000-D999-470A-BCAC-98E717CC1AFC}" = VirginMega.Fr Premium
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2AA331E-E10E-438C-B1C0-24B2FFD3D9C4}" = SAGEM Wi-Fi 11g USB adapter (pilote)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"74b95b8f" = Contextual Tool Lightspeedincome
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BrowserCompanion" = BrowserCompanion
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DealPly" = DealPly
"EoRezo_is1" = EoRezo 10.3
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"king.com" = king.com (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.2 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"ljvtyv" = Favorit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 11.0 (x86 fr)" = Mozilla Firefox 11.0 (x86 fr)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
"Office14.SingleImage" = Microsoft Office Famille et Petite Entreprise 2010
"PhotoFiltre" = PhotoFiltre
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdate_is1" = SoftwareUpdate 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2004331368-872200146-798892892-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18
"FoxTab Video Converter" = FoxTab Video Converter
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/04/2012 11:26:38 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/04/2012 11:26:38 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6334

Error - 04/04/2012 11:26:38 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6334

Error - 04/04/2012 11:26:39 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/04/2012 11:26:39 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7394

Error - 04/04/2012 11:26:39 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7394

Error - 04/04/2012 16:07:09 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/04/2012 16:07:09 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1950

Error - 04/04/2012 16:07:09 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1950

Error - 04/04/2012 16:30:08 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application connectivitymanager.exe, version 1.1.82.739,
time stamp 0x4999e0b4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x00000000, process ID 0x1770,
application start time 0x01cd11d86f38e0d8.

[ System Events ]
Error - 04/04/2012 17:22:33 | Computer Name = PC | Source = Service Control Manager | ID = 7022
Description =

Error - 05/04/2012 15:03:16 | Computer Name = PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:47:09 on 04/04/2012 was unexpected.

Error - 05/04/2012 15:04:53 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/04/2012 15:05:11 | Computer Name = PC | Source = Service Control Manager | ID = 7022
Description =

Error - 05/04/2012 15:05:11 | Computer Name = PC | Source = Service Control Manager | ID = 7001
Description =

Error - 06/04/2012 10:45:01 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/04/2012 11:01:22 | Computer Name = PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may
indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 06/04/2012 11:01:52 | Computer Name = PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may
indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 06/04/2012 15:28:11 | Computer Name = PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:15:03 on 06/04/2012 was unexpected.

Error - 06/04/2012 15:29:49 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: computer infected with "virus gendarmerie" bis

Unread postby Gary R » April 7th, 2012, 1:19 am

No, don't worry about the message, just run the ESET scan. Hopefully the scan results will give some idea of what the "mystery" AV program is, and we can deal with it when we know what it is.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: computer infected with "virus gendarmerie" bis

Unread postby jujucds » April 7th, 2012, 9:07 am

Below are the contents of the file log.txt:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0f0f54cb9004e642ac2cf52bf61a5afc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-07 12:01:14
# local_time=2012-04-07 02:01:14 )
# country="France"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 61077508 61077508 0 0
# compatibility_mode=5892 16776574 100 100 64038 171323215 0 0
# compatibility_mode=8192 67108863 100 0 47211 47211 0 0
# scanned=245349
# found=11
# cleaned=0
# scan_time=9587
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\FoxTabVideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Mathieu\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdate.exe.vir a variant of Win32/Adware.EoRezo.N application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mathieu\Desktop\Combofix\installer_lame_3_99_4_French.exe Win32/Vittalia application (unable to clean) 00000000000000000000000000000000 I


Thank you for your help,
jujucds
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am

Re: computer infected with "virus gendarmerie" bis

Unread postby Gary R » April 7th, 2012, 5:08 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=400e65310000000000000021003c3e83&tt=090212_ctrl
[2012/02/16 20:14:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\ffxtlbr@babylon.com
[2012/02/16 20:14:50 | 000,002,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

:Files
C:\Program Files\BabylonToolbar
C:\Users\Mathieu\AppData\Roaming\Babylon

:Commands
[emptytemp]
[CreateRestorePoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

I'd like you to check some files for viruses. (I suspect these may be false positives, so I'd like to see what other scans detect them as).
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe
C:\Program Files\FoxTabVideoConverter\Uninstall\Uninstall.exe

  • Browse to the first file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • Results from VirusTotal or Jotti's
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
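The fix above is built by hand: the helper reads the OTL log, picks out the hijacked IE search scope, the Babylon BHO and the Babylon toolbar, and pastes those exact lines into the `:OTL` section so the tool removes them. The script below is an added example, not code from this thread or from OldTimer's OTL; it parses OTL-style `IE - ...SearchScopes`, `O2 - BHO` and `O3 - ...Toolbar` lines (the sample is copied from the log posted in this thread), flags entries that match an indicator list, and emits them in `:OTL` fix syntax. The indicator list (`PUP_DOMAINS`, `PUP_NAMES`) is an assumption built only from what ESET and Gary R identified here; a real triage list would be far longer.

```python
"""Triage helper for OTL-style log lines (added example, not from the thread or OTL).

Parses IE SearchScopes, O2 (BHO) and O3 (Toolbar) lines as OTL prints them,
flags entries matching a small adware indicator list, and emits the matching
lines in the form OTL's :OTL fix section expects.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
"""

# Assumption: indicator list built only from what this thread found (Babylon).
PUP_DOMAINS = ("babylon.com",)
PUP_NAMES = ("babylon",)

CLSID = r"\{[0-9A-Fa-f-]+\}"
DEFAULT_SCOPE_RE = re.compile(
    rf"^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes,DefaultScope = (?P<clsid>{CLSID})")
SEARCH_SCOPE_RE = re.compile(
    rf'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes\\(?P<clsid>{CLSID}): "URL" = (?P<url>\S+)')
BHO_TOOLBAR_RE = re.compile(
    rf"^(?P<kind>O2 - BHO|O3 - HK\w+\\\.\.\\Toolbar): \((?P<name>[^)]*)\) - "
    rf"(?P<clsid>{CLSID}) - (?P<path>.+?) \((?P<company>[^)]*)\)$")


def parse_otl(text):
    """Return one dict per recognised SearchScope / BHO / Toolbar line."""
    entries, default_scope = [], {}
    for line in text.splitlines():
        line = line.rstrip()
        if (m := DEFAULT_SCOPE_RE.match(line)):
            default_scope[m["hive"]] = m["clsid"].upper()
            continue
        if (m := SEARCH_SCOPE_RE.match(line)):
            entries.append({"type": "SearchScope", "hive": m["hive"], "clsid": m["clsid"].upper(),
                            "name": "", "company": "", "target": m["url"], "line": line})
            continue
        if (m := BHO_TOOLBAR_RE.match(line)):
            entries.append({"type": "BHO" if m["kind"].startswith("O2") else "Toolbar",
                            "hive": "", "clsid": m["clsid"].upper(), "name": m["name"],
                            "company": m["company"], "target": m["path"], "line": line})
    # A hijacked scope matters most when it is the hive's default search engine.
    for e in entries:
        e["is_default"] = e["type"] == "SearchScope" and default_scope.get(e["hive"]) == e["clsid"]
    return entries


def is_pup(entry):
    """True when the search host, or any label/path, matches the indicator list."""
    if entry["type"] == "SearchScope":
        host = (urlsplit(entry["target"]).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in PUP_DOMAINS)
    haystack = " ".join((entry["name"], entry["company"], entry["target"])).lower()
    return any(n in haystack for n in PUP_NAMES)


def flag_suspicious(entries):
    return [e for e in entries if is_pup(e)]


def otl_fix_section(flagged):
    """OTL fix syntax: the :OTL section is simply the offending log lines, verbatim."""
    return "\n".join([":OTL"] + [e["line"] for e in flagged])


if __name__ == "__main__":
    flagged = flag_suspicious(parse_otl(SAMPLE_LOG))
    for e in flagged:
        print(f"{e['type']:<12} {e['clsid']}  default={e['is_default']}  {e['target']}")
    print(otl_fix_section(flagged))
```

Run against the sample, the script flags the Babylon search scope (and notes it is the current default engine), the Babylon toolbar and the Babylon BHO, and leaves the Google scope alone, which is exactly the `:OTL` block in the fix above. Files and folders (`:Files`) still have to be added by the helper, since the log lines only name the DLLs, not the whole program directory.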

Re: computer infected with "virus gendarmerie" bis

Unread postby jujucds » April 8th, 2012, 1:38 pm

Hello,

Please find below the contents of the file fix.log. When running OTL, I did not pay attention to any of the settings. I hope this was the right thing to do. The results of VirusTotal will be posted separately.

OTL logfile created on: 08/04/2012 19:18:37 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Mathieu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,08% Memory free
4,23 Gb Paging File | 2,81 Gb Available in Paging File | 66,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,62 Gb Total Space | 65,19 Gb Free Space | 47,37% Space Free | Partition Type: NTFS
Drive D: | 11,43 Gb Total Space | 2,38 Gb Free Space | 20,81% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Mathieu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 21:40:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
PRC - [2012/03/19 18:00:27 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/29 17:50:40 | 000,182,576 | ---- | M] (Blabbers Communications LTD) -- C:\Program Files\BrowserCompanion\BCHelper.exe
PRC - [2011/06/26 15:31:51 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 20:09:00 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:09:00 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/03 11:02:24 | 000,135,168 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
PRC - [2009/03/03 11:02:06 | 000,602,864 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Launcher\Launcher.exe
PRC - [2009/03/03 11:02:04 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/03/03 11:02:04 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
PRC - [2009/03/03 11:01:52 | 000,028,672 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
PRC - [2009/03/03 11:01:50 | 000,364,544 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
PRC - [2009/03/03 11:01:48 | 000,712,704 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
PRC - [2009/03/03 11:01:42 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2009/02/12 22:45:42 | 001,716,293 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2007/10/24 12:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 12:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/10/09 18:59:30 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/17 15:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/19 18:00:27 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/25 22:49:54 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/12 00:37:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/12 00:37:43 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/08/07 13:54:44 | 000,362,029 | ---- | M] () -- C:\Program Files\BrowserCompanion\sqlite3.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/17 16:55:16 | 000,043,008 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\_socket.pyd
MOD - [2009/03/03 11:02:14 | 000,589,824 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\Plugins\PluginLnhPromptManager2.dll
MOD - [2009/03/03 11:02:12 | 000,237,568 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\Plugins\PluginLnhRecovery.dll
MOD - [2009/02/03 17:08:00 | 000,032,768 | ---- | M] () -- C:\Program Files\OrangeHSS\Launcher\WatchClient.dll
MOD - [2007/12/19 19:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 19:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 19:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 19:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 16:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/03/03 11:02:04 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/24 12:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mathieu\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/03 17:07:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/02/03 17:07:40 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2007/09/18 01:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 15:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=400e65310000000000000021003c3e83&tt=090212_ctrl
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_fr
IE - HKCU\..\SearchScopes\{8978B5AF-2901-4B25-AF91-726C4CE68302}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKCU\..\SearchScopes\{A66091A8-1C1F-43E6-AAB4-E81144499536}: "URL" = http://slirsredirect.search.aol.com/sli ... 156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mathieu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mathieu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Mathieu\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/06 00:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/03 22:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/25 20:05:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 18:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/12 00:33:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/06 00:46:57 | 000,000,000 | ---D | M]

[2012/02/11 21:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Extensions
[2012/02/16 20:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions
[2012/02/12 01:28:05 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/02/16 20:57:17 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/02/16 20:15:09 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\bbrs_002@blabbers.com
[2012/02/16 20:14:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\ffxtlbr@babylon.com
[2012/03/19 19:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\MATHIEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T0NP4BV7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/19 18:00:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/12 00:33:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/08 19:58:02 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/02/16 20:14:50 | 000,002,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/08 19:46:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 19:58:02 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/08 19:58:02 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/02/08 19:58:02 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/08 19:58:02 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mathieu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Mathieu\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: DealPly = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Browser Companion Helper = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\
CHR - Extension: avast! WebRep = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mathieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2012/04/04 23:16:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ejhmkp] "c:\users\mathieu\appdata\local\ejhmkp.exe" ejhmkp File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mathieu\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [SpiderMessenger] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\Program Files\AOL\AOL Toolbar 5.0\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: mappy.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: orange.fr ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: voila.fr ([rw.search.ke] http in Trusted sites)
O15 - HKCU\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3208D13B-5BCF-4D1D-8FC5-55283BDB8971}: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAE890B-A261-409B-895A-C5D16C407E3E}: DhcpNameServer = 172.20.2.39 172.20.2.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img7.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/08 04:32:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 19:12:04 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
[2012/04/06 23:47:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Mathieu\Desktop\freecell_xp.exe
[2012/04/04 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\AppData\Roaming\Malwarebytes
[2012/04/04 23:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/04 23:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/04 23:39:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/04 23:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/04 23:35:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mathieu\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/04 23:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/04 22:56:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/03 22:00:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/03 22:00:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/03 22:00:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/03 21:59:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/03 21:59:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/03 21:50:13 | 000,000,000 | ---D | C] -- C:\Users\Mathieu\Desktop\Combofix
[2012/03/15 22:36:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/14 20:11:53 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 20:11:52 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 20:11:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 20:11:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 20:11:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 20:11:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 20:11:28 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/13 20:41:27 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mathieu\Desktop\tdsskiller.exe
[2012/03/11 19:58:07 | 000,607,260 | R--- | C] (Swearware) -- C:\dds.scr
[2012/03/11 19:10:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mathieu\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/04/08 19:12:59 | 000,202,208 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/04/08 19:12:59 | 000,202,208 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/04/08 19:01:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/08 15:53:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/08 14:23:10 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000UA.job
[2012/04/08 14:23:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 14:23:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 11:07:01 | 000,001,103 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/08 11:06:41 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/04/08 11:06:30 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/08 11:06:02 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 20:17:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2004331368-872200146-798892892-1000Core.job
[2012/04/07 00:06:49 | 000,203,024 | ---- | M] () -- C:\Windows\System32\cards.dll
[2012/04/07 00:06:49 | 000,203,024 | ---- | M] () -- C:\Users\Mathieu\Desktop\cards.dll
[2012/04/06 23:59:32 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/04/06 23:59:32 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/06 23:59:32 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/04/06 23:59:32 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/06 22:55:43 | 260,602,455 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/06 21:40:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mathieu\Desktop\OTL.exe
[2012/04/06 18:17:10 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Mathieu.job
[2012/04/04 23:39:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 23:35:59 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mathieu\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/04 23:16:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/03 17:42:26 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMathieu.job
[2012/03/25 20:05:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/19 19:18:59 | 000,000,918 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2012/03/18 20:01:39 | 000,139,264 | ---- | M] () -- C:\Users\Mathieu\Desktop\SystemLook.exe
[2012/03/15 20:52:49 | 000,420,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/13 20:41:45 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mathieu\Desktop\tdsskiller.exe
[2012/03/11 19:10:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mathieu\Desktop\dds.scr
[2012/03/11 19:10:41 | 000,607,260 | R--- | M] (Swearware) -- C:\dds.scr

========== Files Created - No Company Name ==========

[2012/04/07 00:11:57 | 000,203,024 | ---- | C] () -- C:\Windows\System32\cards.dll
[2012/04/04 23:39:28 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/03 22:00:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/03 22:00:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/03 22:00:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/03 22:00:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/03 22:00:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 19:10:53 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMathieu.job
[2012/03/18 20:01:35 | 000,139,264 | ---- | C] () -- C:\Users\Mathieu\Desktop\SystemLook.exe
[2012/02/03 21:56:18 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\ejhmkp.bat
[2011/04/09 21:05:08 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\dcutdd.bat
[2010/07/04 10:35:33 | 000,047,487 | ---- | C] () -- C:\Windows\System32\agsrzwducwqvqf.exe
[2010/06/26 00:09:35 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/05/23 00:10:04 | 000,000,091 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\eppbllc.bat
[2010/05/06 13:38:03 | 000,000,092 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\jmhlv.bat
[2010/04/20 12:03:56 | 000,000,090 | -H-- | C] () -- C:\Users\Mathieu\AppData\Local\icdxsmh.bat

========== Custom Scans ==========

< :OTL >

< IE - HKU\S-1-5-21-2004331368-872200146-798892892-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101365&mntrId=400e65310000000000000021003c3e83&tt=090212_ctrl >

< [2012/02/16 20:14:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\ffxtlbr@babylon.com >
Invalid Switch: 16 20:14:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mathieu\AppData\Roaming\mozilla\Firefox\Profiles\t0np4bv7.default\extensions\ffxtlbr@babylon.com

< [2012/02/16 20:14:50 | 000,002,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml >
Invalid Switch: 16 20:14:50 | 000,002,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

< O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) >

< O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) >

< >

< :Files >

< C:\Program Files\BabylonToolbar >

< C:\Users\Mathieu\AppData\Roaming\Babylon >

< >

< :Commands >

< [emptytemp] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
jujucds
Regular Member
 
Posts: 20
Joined: March 11th, 2012, 9:34 am