How do I remove Babylon Search?


Post by berniscotto » 05 Nov 2011 15:19

Hello,
New to the forum, 62 years old, not very good with computers, hoping for your advice. Thanks in advance.

On Windows Vista, I use Mozilla Firefox with Google as the home page ... for the past 3 days I have often been redirected to "Babylon Search" ... I want to remove this intruder ... but I can't find it when I type it into "Search" on my computer ... ?????

Thanks for your help
berniscotto

Re: babylon search

Post by SkyTech » 05 Nov 2011 16:14

Hi,

Additional software (toolbars, adware) is offered by publishers during the installation of their software.
The publisher earns money for each successful installation of these third-party add-ons (a kind of sponsorship).
However, some publishers abuse this: to make more money, they redistribute free software developed by volunteers, adding these additional programs to it.
Misleading ads can also be used to get this software installed.

Besides the fact that these practices are questionable, the accumulation of these non-essential additional programs contributes to slowing the computer down considerably (and can also crash web browsers).
Some also do anonymous tracking (collecting the topics of the sites visited).

It's the same with toolbars:
Toolbars are there to tie you to a service (the Yahoo! or Google search engine); they add features, but browsers generally have those by default.
In addition, they record the sites you visit and pass them on (tracking) for targeted advertising, which is not great for privacy.
Having several toolbars slows the PC down and can crash web browsers.
In the end, using them is not recommended.

Read:
PUPs/LPIs: http://www.malekal.com/2011/07/27/detec ... d-program/

Then:

Download AdwCleaner (by Xplode) to your desktop.
Run it, click [Suppression] (Delete), then wait while the scan runs.
Once the scan is finished, a report will open.
Note: the report is also saved as C:\AdwCleaner[S1].txt

Re: babylon search

Post by berniscotto » 05 Nov 2011 18:13

Thank you very much, SkyTech! :salut:

I will follow your advice

Have a nice day
berniscotto

Re: babylon search

Post by berniscotto » 05 Nov 2011 18:21

No luck :pale: when I try to access the AdwCleaner download, my antivirus displays:

BitDefender 2011

Cette page Internet a été bloquée par la protection en temps réel du module Antivirus de BitDefender !

La page Web bloquée par BitDefender contenait des éléments infectés ou susceptibles d'être infectés par un virus. Votre système n'a PAS été infecté.
berniscotto

Re: babylon search

Post by doc pc » 05 Nov 2011 21:57

Hi you two,

Just to move things along!
Disable your antivirus while you download and run AdwCleaner
There's no risk :dac:

See you later
Sky :respect:

Re: Comment supprimer babylon search?

Post by famillehanni » 15 Dec 2011 19:15

Hello, I have the same problem with Babylon, which will not go away.
I followed the procedure but it is still there.
Here is the report:


# AdwCleaner v1.402 - Rapport créé le 15/12/2011 à 19:01:34
# Mis à jour le 11/12/11 à 19h par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nom d'utilisateur : Famille HANNI - FAMILLEHANNI-PC (Administrateur)
# Exécuté depuis : C:\Users\Famille HANNI\Downloads\adwcleaner (1).exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\Users\Famille HANNI\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\Famille HANNI\AppData\Roaming\pdfforge
Dossier Supprimé : C:\Users\Famille HANNI\AppData\Local\Babylon

***** [Registre] *****

Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.DllInfo
Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDF
Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor
Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFLine
Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFText
Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.Tools
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=100490&ba ... 19210a2c62 --> hxxp://www.google.fr

-\\ Google Chrome v15.0.874.121

Fichier : C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée : "icon_url": "hxxp://www.babylon.com/favicon.ico",
Supprimée : "keyword": "babylon.com",
Supprimée : "name": "Search the web (Babylon)",
Supprimée : "search_url": "hxxp://search.babylon.com/?q={searchTerms}&AF=100490&babsrc=SP_ss&mntrId=dc3041[...]

-\\ Opera v0.0.0.0

Fichier : C:\Users\Famille HANNI\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [2614 octets] - [15/12/2011 19:01:34]

*************************

Dossier Temporaire : 6 dossier(s)et 21 fichier(s) supprimés

########## EOF - C:\AdwCleaner[S1].txt - [2834 octets] ##########

Thank you for your help...
famillehanni
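
A check to run after a cleanup like the one in the report above, as an added example that is not part of the thread or of AdwCleaner: it walks a Chrome `Preferences` JSON file and lists the URL settings whose host is outside an allow-list. `ALLOWED_HOSTS`, the `URL_KEYS` selection and the sample file contents are assumptions, constructed from the keys shown in the report.

```python
import json
from urllib.parse import urlsplit

# Assumption: the hosts this user actually chose (Google, per the thread).
ALLOWED_HOSTS = {"google.fr", "google.com"}

# Setting names to inspect. "search_url" and "icon_url" are keys listed in the
# AdwCleaner report; "suggest_url" and "homepage" are added assumptions.
URL_KEYS = {"search_url", "icon_url", "suggest_url", "homepage"}

# Constructed sample of a hijacked Preferences file (not copied from a real one).
SAMPLE_PREFS = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "icon_url": "http://www.babylon.com/favicon.ico",
        "keyword": "babylon.com",
        "name": "Search the web (Babylon)",
        "search_url": "http://search.babylon.com/?q={searchTerms}&AF=100490",
        "suggest_url": "{google:baseSuggestURL}search?client=chrome&q={searchTerms}",
    },
    "homepage": "http://www.google.fr",
})


def host_of(url):
    """Return the lower-cased host of a URL, or "" when it has none."""
    if url[:4].lower() == "hxxp":      # reports defang http as hxxp
        url = "http" + url[4:]
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:                 # malformed authority part
        return ""


def is_allowed(host):
    """True for an allowed host or any subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)


def url_settings(node, path=""):
    """Yield (dotted_path, value) for every string stored under a URL key."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key in URL_KEYS and isinstance(value, str):
                yield child, value
            else:
                yield from url_settings(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from url_settings(item, f"{path}[{i}]")


def audit(prefs_text):
    """Return [(path, host, url)] for URL settings pointing off the allow-list."""
    findings = []
    for path, url in url_settings(json.loads(prefs_text)):
        host = host_of(url)
        # Templates such as "{google:baseSuggestURL}search?..." carry no host
        # of their own, so there is nothing to compare.
        if host and not is_allowed(host):
            findings.append((path, host, url))
    return findings


if __name__ == "__main__":
    for path, host, url in audit(SAMPLE_PREFS):
        print(f"{path}: {host}  <-  {url}")
```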

Re: Comment supprimer babylon search?

Post by SkyTech » 15 Dec 2011 22:04

Hi,

You can uninstall AdwCleaner.

To take a look:


* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "Minimal report" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization"

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

Re: Comment supprimer babylon search?

Post by famillehanni » 16 Dec 2011 19:42

Good evening,
Thanks for the reply, here is the report:


Code:
OTL logfile created on: 16/12/2011 19:29:00 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Famille HANNI\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,55 Mb Total Physical Memory | 342,71 Mb Available Physical Memory | 44,65% Memory free
1,75 Gb Paging File | 0,93 Gb Available in Paging File | 53,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,27 Gb Total Space | 55,26 Gb Free Space | 48,78% Space Free | Partition Type: NTFS
Drive D: | 113,76 Gb Total Space | 83,41 Gb Free Space | 73,32% Space Free | Partition Type: NTFS
Drive E: | 496,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: FAMILLEHANNI-PC | User Name: Famille HANNI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Famille HANNI\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Athan\Athan.exe (http://www.IslamicFinder.org)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC.exe (SoftwareForMe Inc)
PRC - C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe (SoftwareForMe Inc)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Athan\vbp.dll ()
MOD - C:\Program Files\Athan\vbh.dll ()
MOD - C:\Program Files\Athan\vbq.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (PhoneMyPC_Helper) -- C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe (SoftwareForMe Inc)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 D8 F5 AE 50 39 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Famille HANNI\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Famille HANNI\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Famille HANNI\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Famille HANNI\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/14 09:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/01 10:17:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/01 10:17:41 | 000,000,000 | ---D | M]

[2010/12/29 12:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famille HANNI\AppData\Roaming\mozilla\Extensions
[2010/12/29 12:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Famille HANNI\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011/07/04 18:01:32 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=100490&babsrc=SP_ss&mntrId=dc3041770000000000000019210a2c62
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Famille HANNI\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Freebox gestion compte Free = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbdmmjmephnknaophbodimnolknihelk\2.0.1_0\
CHR - Extension: YouTube = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Freemote v6 = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbpjpeceiagjcfiebblpdoiegipeoim\2.2_0\
CHR - Extension: Recherche Google = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Download on my freebox = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaijjldlpnoibbgahfklghioogabdio\0.3.5_0\
CHR - Extension: Extension Chrome to Phone de Google = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: FreeboxLink = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdegjlhpamemcfncfmdpibhmkokioid\1.0_0\
CHR - Extension: Gmail = C:\Users\Famille HANNI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/07/02 21:54:21 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (http://www.IslamicFinder.org)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{322DCD9B-6189-42EF-84ED-7F41252A50B8}: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found

MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]GmailNotifierPro[/b] - hkey= - key= - C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe (Patrik Engström)
MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Users\Famille HANNI\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: [b]HomePlayer[/b] - hkey= - key= - C:\Program Files\HomePlayer\HomePlayer.exe ()
MsConfig - StartUpReg: [b]HTC Sync Loader[/b] - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig - StartUpReg: [b]OfficeSyncProcess[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]TkBellExe[/b] - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: [b]TomTomHOME.exe[/b] - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
< End of report >
famillehanni
Passing through

Posts: 4
Joined: 15 Dec 2011 19:08

Re: How do I remove babylon search?

Post by SkyTech » 16 Dec 2011 20:14

AdwCleaner doesn't support Google Chrome, so the cleanup has to be done by hand...

Run OTL again.
o Under "Personnalisation", copy and paste the contents of the box below and click "Correction". A report will appear once the operation is done; save it, on a USB stick for example, so that you can paste the result here:

:OTL
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=100490&babsrc=SP_ss&mntrId=dc3041770000000000000019210a2c62
CHR - plugin: Google Update (Enabled) = C:\Users\Famille HANNI\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
O4 - HKLM..\Run: [] File not found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:commands
[purity]
[emptytemp]
[emptyflash]


* restart the PC into Windows and post the report here
SkyTech
Super Moderator
Posts: 1370
Joined: 16 Sep 2011 19:40
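
Added example, not part of the original thread and not OTL's own code: the fix script above targets Chrome's `default_search_provider` entries, and the Python below reads `CHR -` lines in that log format and reports every search-provider URL whose host is not on an allowlist. The allowlist, the function names and the sample log are assumptions constructed for illustration; only the `search_url` field appears in the thread, the `suggest_url` line is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the search engines this household actually expects to see.
EXPECTED_SEARCH_DOMAINS = {"google.com", "google.fr", "bing.com"}

# Constructed sample, in the "CHR - ..." line format shown in the OTL log above.
SAMPLE_LOG = """\
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=0&babsrc=SP_ss
CHR - default_search_provider: suggest_url = http://www.google.com/complete/search?q={searchTerms}
CHR - plugin: Google Update (Enabled) = C:\\Users\\Example\\AppData\\Local\\Google\\Update\\npGoogleOneClick8.dll
O4 - HKLM..\\Run: [] File not found
"""

# Matches only the key = value form, e.g. "search_url = http://...".
URL_FIELD = re.compile(r"^CHR - default_search_provider:\s*(\w+_url)\s*=\s*(\S+)")


def host_is_expected(host, expected=EXPECTED_SEARCH_DOMAINS):
    """True if host equals an expected domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "google.com.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in expected)


def unexpected_search_providers(log_text, expected=EXPECTED_SEARCH_DOMAINS):
    """Return (line_no, field, host) for each search-provider URL off the allowlist."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = URL_FIELD.match(line.strip())
        if not match:
            continue
        field, url = match.groups()
        # {searchTerms} is a template placeholder in the query; the host is unaffected.
        # A value with no parseable host is reported with host "" for manual review.
        host = urlsplit(url).hostname or ""
        if not host_is_expected(host, expected):
            findings.append((line_no, field, host))
    return findings


if __name__ == "__main__":
    for line_no, field, host in unexpected_search_providers(SAMPLE_LOG):
        print(f"line {line_no}: {field} points to unexpected host {host!r}")
```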

Re: How to remove babylon search?

Post by famillehanni » 17 Dec 2011 8:36

Hi, thanks again.

Here is the report:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin\ deleted successfully.
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
File C:\Users\Famille HANNI\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP\WiseData.ini deleted successfully.
C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Famille HANNI
->Temp folder emptied: 350298 bytes
->Temporary Internet Files folder emptied: 8625060 bytes
->Java cache emptied: 3992364 bytes
->Google Chrome cache emptied: 82654145 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57740 bytes

User: Invité
->Temp folder emptied: 5966237 bytes
->Temporary Internet Files folder emptied: 238311596 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 59246 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9136154 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 333,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Famille HANNI
->Flash cache emptied: 0 bytes

User: Invité
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12172011_082339

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
famillehanni
Passing through
Posts: 4
Joined: 15 Dec 2011 19:08

Re: How to remove babylon search?

Post by SkyTech » 17 Dec 2011 9:47

Well, OTL didn't fix it /:

Run OTL again and click "Purge outil".

Back up your bookmarks: http://www.sauvegarde-donnees.com/2010/ ... hrome.html

Reset Google Chrome: http://www.commentcamarche.net/faq/2667 ... gle-chrome
SkyTech
Super Moderator
Posts: 1370
Joined: 16 Sep 2011 19:40

Re: How to remove babylon search?

Post by famillehanni » 18 Dec 2011 9:45

Thanks a lot SkyTech, babylon is indeed gone...
Thanks for your help.
See you.
famillehanni
Passing through
Posts: 4
Joined: 15 Dec 2011 19:08

