Virus - Babylone Search?

Tags:
  • Security
Last reply: in Security and viruses
29 April 2011 20:57:46

Hello,

Let me explain my problem:
A little while ago I was called to lend a hand with a computer, and on opening Firefox I found myself with a whole load of things tied to "Babylone Search". I managed to remove the toolbar and the search options set to "Babylone Search", at least on the surface (not sure everything is gone). After a quick search on the web, I gathered that this little rascal gets installed with Messenger Plus, and after checking, a Messenger Plus update was indeed done this morning on the computer in question (so it didn't arrive by chance, which is reassuring).

Anyway, I took the opportunity to run an antivirus scan on the machine, and the scan revealed a Trojan horse. Digging around a bit, apparently it is linked to add-ons for a famous MMORPG ^^ (the machine not being mine, I don't know the details). So I assume there is no link with "Babylone Search".

So my question is: is this Trojan horse hiding another one, or is the machine clean?
And a secondary question: is uninstalling the Babylon Search toolbar enough? ^^


Here is the AntiVir report:

Avira AntiVir Personal
Date de création du fichier de rapport : vendredi 29 avril 2011 19:13

La recherche porte sur 2644027 souches de virus.

Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : MS-4C737A63C2ED

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:, E:, F:,
Recherche dans les programmes actifs..........: marche
Programmes en cours étendus...................: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : vendredi 29 avril 2011 19:13

La recherche d'objets cachés commence.

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'F:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '1708' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
Recherche débutant dans 'D:\'
Recherche débutant dans 'E:\'
E:\Launcher.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Delf.kpv
Recherche débutant dans 'F:\'

Début de la désinfection :
E:\Launcher.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.Delf.kpv
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c61a2c0.qua' !


Fin de la recherche : vendredi 29 avril 2011 20:39
Temps nécessaire: 1:25:10 Heure(s)

La recherche a été effectuée intégralement

11745 Les répertoires ont été contrôlés
1009488 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
1 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de scanner des fichiers
1009487 Fichiers non infectés
12367 Les archives ont été contrôlées
0 Avertissements
1 Consignes
356557 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Thank you for your attention :)

30 April 2011 10:31:49

Hello,

Yes, Babylon is rather tied to sponsors.

The AntiVir detection looks more like an FP, but that can depend:
- If it is an original CD of the game, it is a false positive
- If it is a burned CD that came from P2P or elsewhere, there is room for doubt.

To remove the last traces of Babylon:

Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • At the top, tick the box in front of "Tous les utilisateurs" (Scan All Users)
  • Under "Personnalisation" (Custom Scans/Fixes), copy and paste all of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    activex
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the "Analyse" (Run Scan) button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy and paste all of the reports here.
    PS: The reports are also saved on the desktop

For the reports, please use this online report service: upload the file via "Parcourir" (Browse) and simply post the link you get.
30 April 2011 15:27:32

Re,

Did you see this?
Quote:
The AntiVir detection looks more like an FP, but that can depend:
- If it is an original CD of the game, it is a false positive
- If it is a burned CD that came from P2P or elsewhere, there is room for doubt.



For cleaning up Babylon:

Programs to uninstall (via Add/Remove Programs, if present):
- Java(TM) 6 Update 16
- Java(TM) 6 Update 2
- Java(TM) 6 Update 3
- Java(TM) 6 Update 5
- Java(TM) 6 Update 6
- Java(TM) 6 Update 7
- Java(TM) SE Development Kit 6 Update 6 (all old versions, useless since you have the most recent one)
- "AOL Toolbar 4.0" (unless genuinely needed)
- Viewpoint Media Player (unless genuinely needed; installed by AOL, middling reputation for trustworthiness)


Run OTL.exe again
(Vista/Windows 7 users: right-click -> "Run as administrator")

  • Copy and paste the following into the "Personnalisation" (Custom Scans/Fixes) box at the bottom left.
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f42fc8da000000000000000ea6891742&tlver=1.4.19.19&affID=17159
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    [2010/07/10 14:26:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/07 13:40:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/07 16:25:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/04 19:38:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/04/29 14:55:04 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
    [2011/04/29 18:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\moi\Application Data\BabylonToolbar
    [2011/04/29 14:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Program Files\Java\jdk1.6.0_06\bin\java.exe"=-
    "C:\Documents and Settings\moi\Local Settings\Temp\Update_44a5.exe"=-

    :Commands
    [emptytemp]
    [emptyflash]


  • Then click the "Correction" (Run Fix) button at the top left
  • If the PC asks to restart, accept.
  • Post the removal report.
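
Added example (not part of the thread, and not OTL's own logic): a Python check for the original question of whether uninstalling the toolbar is enough, which looks in a Firefox prefs.js for search settings still pointing at search.babylon.com and in a file listing for leftovers such as the babylon.xml search plugin targeted by the fix above. The preference names are Firefox's own and are not quoted in the posts; the sample prefs.js content, the example.org URLs and the google.xml path are constructed.

```python
import json
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Firefox preferences that decide the start page and where searches are sent.
# Assumption of this example: the posts above do not list these names.
SEARCH_PREFS = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
)

# One user_pref("name", value); statement per line, as Firefox writes prefs.js.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        try:
            name = json.loads(m.group(1))
        except ValueError:
            continue
        try:
            value = json.loads(m.group(2))  # strings, integers, true/false
        except ValueError:
            value = m.group(2)  # keep the raw text if it is not JSON-compatible
        prefs[name] = value
    return prefs


def value_is_suspect(value, domains, keywords):
    """URL values are judged by host name only; engine names by keyword."""
    for part in value.split("|"):  # the homepage pref may list several URLs
        part = part.strip()
        try:
            host = (urlsplit(part).hostname or "").lower()
        except ValueError:
            host = ""
        if host:
            if any(host == d or host.endswith("." + d) for d in domains):
                return True
        elif any(k in part.lower() for k in keywords):
            return True
    return False


def leftover_paths(paths, keywords):
    """Return the Windows paths with a component containing one of the keywords."""
    hits = []
    for p in paths:
        parts = [c.lower() for c in PureWindowsPath(p).parts]
        if any(k in c for c in parts for k in keywords):
            hits.append(p)
    return hits


def audit_profile(prefs_text, listing, domains=("babylon.com",), keywords=("babylon",)):
    prefs = parse_prefs(prefs_text)
    flagged = [
        (name, prefs[name])
        for name in SEARCH_PREFS
        if isinstance(prefs.get(name), str)
        and value_is_suspect(prefs[name], domains, keywords)
    ]
    return {"prefs": flagged, "paths": leftover_paths(listing, keywords)}


# Constructed prefs.js content: a hijacked engine name, a homepage with one
# harmless URL that merely contains the word and one hijacked URL, a clean keyword.URL.
SAMPLE_PREFS_JS = '''
// Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "https://example.org/babylon-5-guide|http://search.babylon.com/?q=");
user_pref("keyword.URL", "https://www.example.org/search?q=");
'''

# The first two paths appear in the fix script above; the third is constructed.
SAMPLE_LISTING = [
    r"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml",
    r"C:\Documents and Settings\moi\Application Data\BabylonToolbar",
    r"C:\Program Files\Mozilla Firefox\searchplugins\google.xml",
]

if __name__ == "__main__":
    report = audit_profile(SAMPLE_PREFS_JS, SAMPLE_LISTING)
    for name, value in report["prefs"]:
        print("pref still hijacked:", name, "=", value)
    for path in report["paths"]:
        print("leftover on disk:", path)
```
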
30 April 2011 16:32:04

Re,

Here is the OTL report: http://www.cijoint.fr/cjlink.php?file=cj201104/cij5PmzS...

As for false positive or not, I wasn't able to ask the person where they got it, but after digging around a bit, apparently it is an archive that was downloaded from somewhere on the net...

There, thanks for the speed ^^
30 April 2011 22:49:22

Re,

If it came from the net, then you have to take the necessary precautions ... and doubt is possible!

For the rest, it's OK; however, yes, it was indeed tied to MSN Plus Live, and it is possible that after the cleanup we have just done the plugin will no longer work.
In that case, you will need to uninstall it, then reinstall it without the sponsor!

Run OTL.exe again
(Vista/Windows 7 users: right-click -> "Run as administrator")

  • Click "Purge d'outils" (CleanUp)
  • Confirm the warning with "OK" and let the PC restart.



To go further with your protection and avoid getting reinfected, here are a few additional tips:


  • Be careful when installing software:
    Always make sure to read the terms of use (EULA), in order to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Refuse the toolbars and other add-ons offered.

  • Keep your software and your system up to date:
    Many infections are due to flaws in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your software has unpatched flaws or needs updating.

Finally, the most important thing remains your behaviour on your PC; you remain the most important protection: avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messengers, or unknown sites, pornographic sites.
Worth reading!

19 October 2011 23:39:42

hyunkel30 said:
Re,

If it came from the net, then you have to take the necessary precautions ... and doubt is possible!

For the rest, it's OK; however, yes, it was indeed tied to MSN Plus Live, and it is possible that after the cleanup we have just done the plugin will no longer work.
In that case, you will need to uninstall it, then reinstall it without the sponsor!

Run OTL.exe again
(Vista/Windows 7 users: right-click -> "Run as administrator")

  • Click "Purge d'outils" (CleanUp)
  • Confirm the warning with "OK" and let the PC restart.



To go further with your protection and avoid getting reinfected, here are a few additional tips:


  • Be careful when installing software:
    Always make sure to read the terms of use (EULA), in order to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Refuse the toolbars and other add-ons offered.

  • Keep your software and your system up to date:
    Many infections are due to flaws in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your software has unpatched flaws or needs updating.

Finally, the most important thing remains your behaviour on your PC; you remain the most important protection: avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messengers, or unknown sites, pornographic sites.
Worth reading!



Hello, I have the same problem with Babylon, could you help me please?
Here are the reports: OTL: http://www.cijoint.fr/cjlink.php?file=cj201110/cijQbVMI...
Extras: http://www.cijoint.fr/cjlink.php?file=cj201110/cijP6k3c...

Thank you
20 November 2011 19:13:28

Hello, I also have the same problem

Could you help me please

Here are 2 reports: OTL and OTL Extras


    OTL logfile created on: 20/11/2011 18:52:51 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\biggy\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 61,99% Memory free
    4,00 Gb Paging File | 2,80 Gb Available in Paging File | 70,04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74,52 Gb Total Space | 9,80 Gb Free Space | 13,15% Space Free | Partition Type: NTFS
    Drive E: | 73,06 Gb Total Space | 4,40 Gb Free Space | 6,03% Space Free | Partition Type: NTFS

    Computer Name: BIGGY-PC | User Name: biggy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/20 18:35:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\biggy\Downloads\OTL.exe
    PRC - [2011/08/30 16:48:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/07/12 10:54:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/06/10 09:16:26 | 000,226,576 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
    PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2008/06/20 06:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    PRC - [2007/02/13 09:30:24 | 000,405,504 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    PRC - [2007/02/12 23:44:26 | 004,411,392 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    PRC - [2006/11/06 11:36:30 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/06/10 09:16:32 | 000,032,016 | ---- | M] () -- C:\Program Files\Common Files\PCTV Systems\RemoTerm\HidInputFilter.dll
    MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
    MOD - [2007/02/12 23:44:26 | 004,411,392 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/30 16:48:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/07/12 10:54:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/12/04 12:25:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/11/20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2009/12/17 19:00:28 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
    SRV - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/30 16:48:26 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/08/30 16:48:26 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/04/23 12:23:12 | 000,859,648 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
    DRV - [2010/01/14 11:51:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/12/18 10:23:14 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
    DRV - [2009/09/15 11:34:14 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Pilote de carte Intel(R)
    DRV - [2009/08/24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
    DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/10/19 12:22:02 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
    DRV - [2007/01/26 17:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2006/07/06 12:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-354180628-3701239105-950062051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-354180628-3701239105-950062051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 4A 23 E1 83 94 CA 01 [binary data]
    IE - HKU\S-1-5-21-354180628-3701239105-950062051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-354180628-3701239105-950062051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=100476&babsrc=HP_ss&mntrI..."
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100476&babsrc=adbartrp&mn..."

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\biggy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\biggy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\biggy\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/03 10:44:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 10:44:44 | 000,000,000 | ---D | M]

    [2010/01/13 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\biggy\AppData\Roaming\mozilla\Extensions
    [2011/11/20 15:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\biggy\AppData\Roaming\mozilla\Firefox\Profiles\kbsxo3w8.default\extensions
    [2011/11/05 03:53:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\biggy\AppData\Roaming\mozilla\Firefox\Profiles\kbsxo3w8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/20 17:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\biggy\AppData\Roaming\mozilla\Firefox\Profiles\kbsxo3w8.default\extensions\ffxtlbr@babylon.com
    [2010/04/13 12:45:16 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\biggy\AppData\Roaming\mozilla\Firefox\Profiles\kbsxo3w8.default\extensions\illimitux@illimitux.net
    [2011/11/20 15:18:44 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\biggy\AppData\Roaming\mozilla\Firefox\Profiles\kbsxo3w8.default\extensions\plugin@yontoo.com
    [2010/01/14 11:51:40 | 000,002,059 | ---- | M] () -- C:\Users\biggy\AppData\Roaming\Mozilla\Firefox\Profiles\kbsxo3w8.default\searchplugins\daemon-search.xml
    [2011/10/21 10:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2010/06/21 15:50:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/03 21:14:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/23 12:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/09/15 09:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2011/10/21 10:10:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/10/02 16:45:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/06/09 10:55:03 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2011/11/20 15:18:18 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/06/09 10:55:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/06/09 10:55:03 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/06/09 10:55:03 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2011/06/09 10:55:03 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011/06/09 10:55:03 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    ========== Chrome ==========

    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=b882fdfa0000000000000019d2d410b7
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\biggy\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\biggy\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\biggy\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files\ma-config.com\nphardwaredetection.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\biggy\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\biggy\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Angry Birds = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: AT_JamesWhite = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
    CHR - Extension: YouTube = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Capture de Page Web - Webpage Screenshot = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.4.3_0\
    CHR - Extension: Monster Dash = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
    CHR - Extension: Ultime voiture Street Racer = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhlplfgnlmpppihiigcpbgehohljaam\1.0_0\
    CHR - Extension: Apple Shooter = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\2.1_0\
    CHR - Extension: FastestChrome - Browse Faster = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.8_0\
    CHR - Extension: WGT Golf Game = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb\32.1.0_0\
    CHR - Extension: Tennis 3D = C:\Users\biggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjpokfkdchapbkfpkmeiebmlfafbljla\2.3_0\

    O1 HOSTS File: ([2011/11/20 15:59:55 | 000,001,106 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 genuine.microsoft.com
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O1 - Hosts: 127.0.0.1 sa.windows.com
    O1 - Hosts: 127.0.0.1 se.windows.com
    O1 - Hosts: 127.0.0.1 ie.search.msn.com
    O1 - Hosts: 127.0.0.1 wustat.windows.com
    O1 - Hosts: 127.0.0.1 wutrack.windows.com
    O1 - Hosts: 127.0.0.1 catalog.microsoft.com
    O1 - Hosts: 127.0.0.1 sls.microsoft.com
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKU\S-1-5-21-354180628-3701239105-950062051-1000..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe (PCTV Systems S.à r.l.)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-wind... (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-wind... (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-wind... (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.188.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BBBF610-E6AC-43DA-9DEF-7A5EC0B14B41}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDDFD3D8-BE05-4527-A328-0352856BE84C}: DhcpNameServer = 10.188.0.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -vrlogon.dll (UPEK Inc.)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{96064554-00fc-11df-b573-0016d4f51b66}\Shell - "" = AutoRun
    O33 - MountPoints2\{96064554-00fc-11df-b573-0016d4f51b66}\Shell\AutoRun\command - "" = G:\SETUP.EXE
    O33 - MountPoints2\{96064554-00fc-11df-b573-0016d4f51b66}\Shell\configure\command - "" = G:\SETUP.EXE
    O33 - MountPoints2\{96064554-00fc-11df-b573-0016d4f51b66}\Shell\install\command - "" = G:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
    MsConfig - StartUpReg: Camera Assistant Software - hkey= - key= - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: PSQLLauncher - hkey= - key= - C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: SmartFaceVWatcher - hkey= - key= - File not found
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - State: "startup" - 2

    Drivers32: aux - wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - midimap.dll (Microsoft Corporation)
    Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
    Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
    Drivers32: wave - wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {35E2D378-85BF-A0AB-0BBF-5642279AA097} - Microsoft Windows Media Player
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/20 18:31:35 | 000,000,000 | ---D | C] -- C:\Users\biggy\AppData\Roaming\Malwarebytes
    [2011/11/20 18:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/20 18:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/20 18:31:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/20 18:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/20 15:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/11/20 15:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/11/20 15:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/11/20 15:46:54 | 000,000,000 | ---D | C] -- C:\Users\biggy\AppData\Roaming\AccurateRip
    [2011/11/20 15:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
    [2011/11/20 15:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrate
    [2011/11/20 15:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
    [2011/11/20 15:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2011/11/20 15:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2011/11/20 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\biggy\AppData\Roaming\Babylon
    [2011/11/17 20:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/11/17 20:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/17 20:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/11/09 17:05:57 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/11/07 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\biggy\Desktop\Dexter - Saison 5
    [2011/11/03 11:13:02 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
    [2011/11/03 11:13:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2011/11/03 11:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/11/03 11:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/11/03 10:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/11/03 10:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/11/03 10:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
    [2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

    ========== Files - Modified Within 30 Days ==========

    [2011/11/20 18:31:21 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 18:08:46 | 000,368,330 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2011/11/20 18:08:46 | 000,304,394 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/20 18:08:46 | 000,045,934 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2011/11/20 18:08:46 | 000,038,458 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/20 18:06:11 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-354180628-3701239105-950062051-1000UA.job
    [2011/11/20 17:55:13 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2011/11/20 17:06:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-354180628-3701239105-950062051-1000Core.job
    [2011/11/20 15:59:55 | 000,001,106 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/20 15:54:24 | 000,001,245 | ---- | M] () -- C:\Users\biggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/20 15:54:24 | 000,001,221 | ---- | M] () -- C:\Users\biggy\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/20 15:46:53 | 000,017,680 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/11/20 15:46:19 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2011/11/20 15:46:02 | 006,908,648 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
    [2011/11/20 15:21:07 | 000,001,188 | ---- | M] () -- C:\Users\biggy\Desktop\Téléchargements - Raccourci.lnk
    [2011/11/20 15:18:16 | 000,002,477 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
    [2011/11/20 12:58:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/20 12:58:10 | 1609,129,984 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/20 03:04:33 | 000,029,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/20 03:04:32 | 000,029,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/20 02:37:43 | 006,912,425 | ---- | M] () -- C:\Users\biggy\Desktop\Steve Jobs Walter Isaacson.pdf
    [2011/11/17 20:31:36 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/10 14:27:10 | 000,076,745 | ---- | M] () -- C:\Users\biggy\Desktop\19157118034e4bc76470123_l-barbecue-caddie.jpg
    [2011/11/10 14:24:42 | 000,058,766 | ---- | M] () -- C:\Users\biggy\Desktop\8886764764e4ee671dbbfe_609.jpg
    [2011/11/10 14:13:56 | 000,022,954 | ---- | M] () -- C:\Users\biggy\Desktop\Regardez-le-pts-rouge-10s-3492.htm
    [2011/11/10 13:29:31 | 000,410,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/11/07 15:40:32 | 015,800,024 | ---- | M] () -- C:\Users\biggy\Desktop\Mister You - Freestyle Planete Rap Skyrock (04_11_2011).mp4
    [2011/11/07 15:35:16 | 007,782,832 | ---- | M] () -- C:\Users\biggy\Desktop\Mister You - J_regarde en l_air (Officiel + Paroles).mp4
    [2011/11/05 02:17:10 | 089,104,539 | ---- | M] () -- C:\Users\biggy\Desktop\Willow Smith - Whip My Hair.mp4
    [2011/10/24 20:42:37 | 011,202,179 | ---- | M] () -- C:\Users\biggy\Desktop\Godspeed You_ Black Emperor - Storm_ Lift Yr. Skinny Fists, .mp4
    [2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
    [2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

    ========== Files Created - No Company Name ==========

    [2011/11/20 18:31:21 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 15:54:24 | 000,001,245 | ---- | C] () -- C:\Users\biggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/11/20 15:54:24 | 000,001,221 | ---- | C] () -- C:\Users\biggy\Desktop\Spybot - Search & Destroy.lnk
    [2011/11/20 15:46:53 | 006,908,648 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
    [2011/11/20 15:46:53 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2011/11/20 15:46:53 | 000,017,680 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/11/20 15:21:07 | 000,001,188 | ---- | C] () -- C:\Users\biggy\Desktop\Téléchargements - Raccourci.lnk
    [2011/11/20 15:18:16 | 000,002,477 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
    [2011/11/20 02:37:26 | 006,912,425 | ---- | C] () -- C:\Users\biggy\Desktop\Steve Jobs Walter Isaacson.pdf
    [2011/11/17 20:31:36 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/16 00:30:36 | 000,050,939 | ---- | C] () -- C:\Users\biggy\Desktop\Dexter - 6x01 - Those Kinds of Things.DVDSCR.3LTON.fr.srt
    [2011/11/10 14:27:12 | 000,076,745 | ---- | C] () -- C:\Users\biggy\Desktop\19157118034e4bc76470123_l-barbecue-caddie.jpg
    [2011/11/10 14:24:44 | 000,058,766 | ---- | C] () -- C:\Users\biggy\Desktop\8886764764e4ee671dbbfe_609.jpg
    [2011/11/10 14:14:09 | 000,022,954 | ---- | C] () -- C:\Users\biggy\Desktop\Regardez-le-pts-rouge-10s-3492.htm
    [2011/11/07 15:39:08 | 015,800,024 | ---- | C] () -- C:\Users\biggy\Desktop\Mister You - Freestyle Planete Rap Skyrock (04_11_2011).mp4
    [2011/11/07 15:34:38 | 007,782,832 | ---- | C] () -- C:\Users\biggy\Desktop\Mister You - J_regarde en l_air (Officiel + Paroles).mp4
    [2011/11/05 02:13:03 | 089,104,539 | ---- | C] () -- C:\Users\biggy\Desktop\Willow Smith - Whip My Hair.mp4
    [2011/10/24 20:34:34 | 011,202,179 | ---- | C] () -- C:\Users\biggy\Desktop\Godspeed You_ Black Emperor - Storm_ Lift Yr. Skinny Fists, .mp4
    [2011/06/10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2011/06/08 10:44:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/01/23 23:23:26 | 000,007,619 | ---- | C] () -- C:\Users\biggy\AppData\Local\Resmon.ResmonCfg
    [2010/06/09 22:44:11 | 000,029,696 | ---- | C] () -- C:\Users\biggy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/22 11:46:38 | 000,135,168 | ---- | C] () -- C:\Windows\System32\usn0.dll
    [2010/03/22 11:46:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\_isusr2k.dll
    [2010/03/22 11:46:38 | 000,000,186 | ---- | C] () -- C:\Windows\System32\Usn0Msg.dat
    [2010/03/22 11:46:31 | 000,000,397 | ---- | C] () -- C:\Windows\System32\SCN2PM.DAT
    [2010/02/11 12:29:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/02/07 21:23:32 | 000,000,000 | ---- | C] () -- C:\Users\biggy\AppData\Local\prvlcl.dat
    [2010/01/18 13:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini
    [2009/11/25 00:41:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2009/07/14 09:39:49 | 000,368,330 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2009/07/14 09:39:49 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2009/07/14 09:39:49 | 000,045,934 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2009/07/14 09:39:49 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 05:33:53 | 000,410,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 03:05:48 | 000,304,394 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 03:05:48 | 000,038,458 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2007/08/23 17:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2011/11/20 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\AccurateRip
    [2011/08/19 08:12:48 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Adobe
    [2011/11/03 11:38:34 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Apple Computer
    [2010/11/04 19:18:32 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Avira
    [2011/11/20 15:18:09 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Babylon
    [2010/01/14 12:13:09 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\DAEMON Tools Lite
    [2010/02/24 18:25:03 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\DeepBurner
    [2010/07/24 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\DivX
    [2010/11/04 20:46:10 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\dvdcss
    [2010/02/03 13:24:51 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Facebook
    [2011/11/20 18:15:00 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\foobar2000
    [2010/01/13 23:57:16 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\gtk-2.0
    [2010/01/13 19:10:33 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Identities
    [2010/01/14 01:30:23 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Intel
    [2011/07/20 00:43:07 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\iPodder
    [2011/01/18 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Local
    [2010/01/13 21:55:25 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Macromedia
    [2011/11/20 18:31:35 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Malwarebytes
    [2009/07/14 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Media Center Programs
    [2011/08/19 08:12:48 | 000,000,000 | --SD | M] -- C:\Users\biggy\AppData\Roaming\Microsoft
    [2010/01/13 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Mozilla
    [2011/10/15 09:43:36 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Pouchin TV Mod
    [2010/08/12 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\Research In Motion
    [2011/11/20 15:16:57 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\vlc
    [2010/07/25 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\WinBatch
    [2010/01/14 01:25:02 | 000,000,000 | ---D | M] -- C:\Users\biggy\AppData\Roaming\WinRAR

    < %APPDATA%\*.exe /s >
    [2010/02/03 13:24:51 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\biggy\AppData\Roaming\Facebook\uninstall.exe
    [2011/04/20 21:16:17 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\biggy\AppData\Roaming\Microsoft\Installer\{B0A92733-C870-415C-A494-DF72C2C58402}\ARPPRODUCTICON.exe
    [2011/06/07 07:31:10 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\A7227214-39BE-46b4-8F87-42650B1C1046\dotnetfx35setup.exe
    [2011/07/22 09:48:38 | 117,454,168 | ---- | M] () -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\A7227214-39BE-46b4-8F87-42650B1C1046\Extractor.exe
    [2011/06/07 07:31:10 | 000,128,472 | ---- | M] (Macrovision Corporation) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\A7227214-39BE-46b4-8F87-42650B1C1046\Helper.exe
    [2011/06/07 07:31:10 | 001,821,192 | ---- | M] (Microsoft Corporation) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\A7227214-39BE-46b4-8F87-42650B1C1046\vcredist_x86.exe
    [2011/06/07 07:31:08 | 000,419,672 | ---- | M] (Research In Motion Limited) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\A7227214-39BE-46b4-8F87-42650B1C1046\InstallerUtils\InstallerUtils.exe
    [2011/06/07 07:31:10 | 000,081,240 | ---- | M] (Research In Motion Limited) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry Desktop\Updates\A7227214-39BE-46b4-8F87-42650B1C1046\InstallerUtils\Setup.exe
    [2010/08/03 20:38:38 | 000,400,728 | ---- | M] (Research In Motion Limited) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\BBDesktopInstaller.exe
    [2010/08/03 20:38:38 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\dotnetfx35setup.exe
    [2010/08/12 00:15:48 | 102,135,128 | ---- | M] () -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Extractor.exe
    [2010/08/03 20:38:38 | 000,128,472 | ---- | M] (Macrovision Corporation) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Helper.exe
    [2010/08/03 20:38:40 | 001,821,192 | ---- | M] (Microsoft Corporation) -- C:\Users\biggy\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\vcredist_x86.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2010/01/14 11:51:16 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

    < End of report >

    OTL Extras logfile created on: 20/11/2011 18:52:51 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\biggy\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 61,99% Memory free
    4,00 Gb Paging File | 2,80 Gb Available in Paging File | 70,04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74,52 Gb Total Space | 9,80 Gb Free Space | 13,15% Space Free | Partition Type: NTFS
    Drive E: | 73,06 Gb Total Space | 4,40 Gb Free Space | 6,03% Space Free | Partition Type: NTFS

    Computer Name: BIGGY-PC | User Name: biggy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-354180628-3701239105-950062051-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04EF24DF-9468-4B44-93C3-EB70CBCB706A}" = o2c_2Go!
    "{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{18754BA4-4F0C-4E6E-888B-9496AFA05F43}" = Ma-Config.com
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{76F0FEBD-6C17-4D57-2286-A5D451AB5D76}" = Ultimate ZIP Cracker Trial version
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
    "{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV pour Windows Media Center
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Français
    "{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C7132F71-289A-4111-A9A9-1DD28C7B80A7}" = TVCenter
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Logiciel Intel(R) PROSet/Wireless WiFi
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
    "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "Everest Poker.fr" = Everest Poker.fr (Remove Only)
    "foobar2000" = foobar2000 v1.1
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Juice" = Juice 2.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pouchin TV Mod" = Pouchin TV Mod
    "ProInst" = Intel PROSet Wireless
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Shutdown-IT" = Shutdown-IT
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = Logiciel d'archivage WinRAR

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-354180628-3701239105-950062051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

    2 February 2012 14:48:50

    Hello,
    Babylon Search gets installed when you download certain software, for example:

    Download xxx: there is: accept the terms.... then sometimes there is: "install xxx toolbar" or "install such-and-such software", and most often it is Babylon Toolbar and Babylon Search; you have to untick "install" when you download.


    14 February 2012 21:26:58

    hyunkel30 said:
    Hello,

    Yes, Babylon is rather linked to sponsors.

    The AntiVir detection looks more like an FP, but that may depend:
    - If it is an original CD of the game, it is a false positive
    - If it is a burned CD from P2P or elsewhere, there is room for doubt.

    To remove the last traces of Babylon:

    Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • At the top, tick the box in front of "Tous les utilisateurs" (All users)
  • Under Personnalisation (Custom Scans), copy and paste all of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    activex
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Analyse (Scan) button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open, OTL.Txt and Extras.Txt. Copy and paste all of the reports here.
    PS: The reports are also saved on the desktop.

    OTL logfile created on: 2012-02-14 14:37:17 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lucie\Desktop\Transfer de vinyl
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    1,44 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 55,52% Memory free
    2,87 Gb Paging File | 1,98 Gb Available in Paging File | 69,09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136,71 Gb Total Space | 64,55 Gb Free Space | 47,21% Space Free | Partition Type: NTFS
    Drive D: | 12,33 Gb Total Space | 5,63 Gb Free Space | 45,66% Space Free | Partition Type: NTFS

    Computer Name: LUCIE-PC | User Name: lucie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-02-14 14:32:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lucie\Desktop\Transfer de vinyl\OTL.exe
    PRC - [2011-11-28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011-02-26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
    PRC - [2009-07-13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009-03-27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008-06-26 18:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011-10-05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    MOD - [2010-06-04 22:41:30 | 001,564,880 | ---- | M] () -- C:\Program Files\Druide\Antidote 7\Programmes32\libQtXmlPatternsDruide32_7.dll
    MOD - [2010-06-04 22:41:28 | 006,891,216 | ---- | M] () -- C:\Program Files\Druide\Antidote 7\Programmes32\libQtGuiDruide32_7.dll
    MOD - [2010-06-04 22:41:28 | 000,626,896 | ---- | M] () -- C:\Program Files\Druide\Antidote 7\Programmes32\libQtNetworkDruide32_7.dll
    MOD - [2010-06-04 22:41:26 | 001,966,800 | ---- | M] () -- C:\Program Files\Druide\Antidote 7\Programmes32\libQtCoreDruide32_7.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-11-28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011-06-30 18:50:19 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
    SRV - [2010-11-19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2010-08-10 16:41:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009-07-13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009-07-13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009-03-27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008-06-26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-11-28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011-11-28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011-11-28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-11-28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011-11-28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011-11-28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-11-25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010-09-17 04:10:36 | 000,596,992 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2010-07-16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2010-02-11 02:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009-08-13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009-07-13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009-07-13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009-07-13 17:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2009-06-18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2007-03-27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
    DRV - [2006-04-07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found


    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/home.php?ref=logo
    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 F3 5A 2C D6 38 CB 01 [binary data]
    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
    FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.1
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
    FF - prefs.js..keyword.URL: "http://start.facemoods.com/results.php?f=5&a=wfxt3&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\lucie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2010-12-24 09:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucie\AppData\Roaming\mozilla\Extensions
    [2012-02-03 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions
    [2010-08-22 21:49:39 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}
    [2010-08-28 06:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}
    [2010-11-06 18:19:59 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010-12-18 12:43:00 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
    [2010-12-18 12:43:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\engine@conduit.com
    [2012-02-03 23:01:34 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\ffxtlbr@babylon.com
    [2010-08-15 14:30:21 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\ffxtlbr@Facemoods.com
    [2010-09-24 09:58:13 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\lucie\AppData\Roaming\mozilla\Firefox\Profiles\xsu47hca.default\extensions\textlinks@playsushi.com
    [2010-09-14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Users\lucie\AppData\Roaming\Mozilla\Firefox\Profiles\xsu47hca.default\searchplugins\BearShareWebSearch.xml
    [2010-08-28 06:06:32 | 000,001,819 | ---- | M] () -- C:\Users\lucie\AppData\Roaming\Mozilla\Firefox\Profiles\xsu47hca.default\searchplugins\bing.xml

    O1 HOSTS File: ([2011-01-23 15:15:16 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
    O3 - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
    O3 - HKU\S-1-5-21-320027058-3743665218-3297556579-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.... (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scan... (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://iplay.oberon-media.com/Gameshell/GameHost/1.0/Ob... (Oberon Flash Game Host)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5539E7EC-082E-4F19-84E0-5F82E77B52FB}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDFAAB4F-D37D-445F-99CC-76AB4F50BD55}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk - C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe - (OLYMPUS IMAGING CORP.)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk - C:\PROGRA~1\D-Link\DWA-13~1\WIRELE~1.EXE - (D-Link Corp.)
    MsConfig - StartUpFolder: C:^Users^lucie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk - - File not found
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: agentantidote.exe - hkey= - key= - C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
    MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\lucie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()
    MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - State: "startup" - 2

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3AE0F415-C135-5E4B-58C9-E4958795252D} - Browser Customizations
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-02-12 00:26:01 | 000,000,000 | ---D | C] -- C:\Users\lucie\Documents\ResultReport_fichiers
    [2012-02-09 02:15:54 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Local\ElevatedDiagnostics
    [2012-02-03 23:02:32 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Roaming\SumatraPDF
    [2012-02-03 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Local\Babylon
    [2012-02-03 23:01:23 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Roaming\Babylon
    [2012-02-03 23:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012-02-03 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFReader
    [2012-02-02 18:20:09 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012-02-02 09:50:13 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Local\{A4777B27-66FE-4ED7-BF2B-AA2928107F6A}
    [2012-02-02 09:49:55 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Local\{8B63F4B9-17B8-43DC-B8A4-19D88E057C2E}
    [2012-01-31 09:29:13 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
    [2012-01-31 09:29:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
    [2012-01-29 14:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012-01-24 15:33:54 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Local\{DB17A264-49E5-44FB-B4BD-8841571C7FE4}
    [2012-01-24 15:33:19 | 000,000,000 | ---D | C] -- C:\Users\lucie\AppData\Local\{1F7E19F2-A0BB-4F0E-9376-4AB7D490191A}
    [2007-03-12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
    [2005-11-23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\lucie\*.tmp files -> C:\Users\lucie\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-02-14 14:26:23 | 000,027,623 | ---- | M] () -- C:\Users\lucie\AppData\Roaming\UserTile.png
    [2012-02-14 14:23:02 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-02-14 13:58:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-320027058-3743665218-3297556579-1001UA.job
    [2012-02-14 09:37:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-02-14 09:37:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-02-14 09:30:38 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-02-14 09:29:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-02-14 09:29:43 | 1156,489,216 | -HS- | M] () -- C:\hiberfil.sys
    [2012-02-13 16:58:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-320027058-3743665218-3297556579-1001Core.job
    [2012-02-12 00:26:01 | 000,234,540 | ---- | M] () -- C:\Users\lucie\Documents\ResultReport.htm
    [2012-02-03 23:02:39 | 000,000,474 | ---- | M] () -- C:\user.js
    [2012-02-02 18:20:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012-01-27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\lucie\*.tmp files -> C:\Users\lucie\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-02-14 14:26:23 | 000,027,623 | ---- | C] () -- C:\Users\lucie\AppData\Roaming\UserTile.png
    [2012-02-12 00:26:00 | 000,234,540 | ---- | C] () -- C:\Users\lucie\Documents\ResultReport.htm
    [2012-02-04 00:01:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012-02-03 23:01:36 | 000,000,474 | ---- | C] () -- C:\user.js
    [2011-10-08 18:25:42 | 000,000,084 | ---- | C] () -- C:\Windows\Antidote7.ini
    [2011-08-15 13:05:05 | 000,007,609 | ---- | C] () -- C:\Users\lucie\AppData\Local\Resmon.ResmonCfg
    [2011-07-01 10:54:59 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011-05-23 15:14:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011-05-04 11:15:33 | 000,007,680 | ---- | C] () -- C:\Users\lucie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-12-18 13:00:39 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
    [2010-12-18 13:00:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
    [2010-11-17 14:57:03 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
    [2010-08-31 19:38:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010-08-09 21:18:39 | 000,335,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010-02-11 00:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2009-07-14 03:39:49 | 000,704,242 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
    [2009-07-14 03:39:49 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
    [2009-07-14 03:39:49 | 000,130,548 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
    [2009-07-14 03:39:49 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
    [2009-07-13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009-07-13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009-07-13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009-07-13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009-07-13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009-07-13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009-07-13 19:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
    [2009-07-13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009-07-13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009-06-10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009-06-09 16:28:36 | 000,032,769 | ---- | C] () -- C:\Windows\System32\ltltwin.dll
    [2009-04-23 17:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009-04-14 06:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
    [2006-09-19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
    [2004-02-27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2012-02-12 16:36:19 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Abra Academy2
    [2011-09-01 12:08:47 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Adobe
    [2011-02-13 02:27:38 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Anarchy
    [2011-07-29 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Apple Computer
    [2010-08-31 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\ATI
    [2012-02-03 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Babylon
    [2011-10-08 18:23:55 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Druide
    [2011-02-06 10:22:39 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\ElementalsTheMagicKey
    [2011-06-27 21:18:03 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\EnchantedCavern
    [2011-02-09 15:40:39 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Enlightenus
    [2011-07-28 22:16:51 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Friday's games
    [2011-06-29 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\GameHousev1002
    [2011-08-29 21:54:46 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Gamenauts
    [2011-08-29 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Games
    [2010-11-21 13:24:57 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\GARMIN
    [2011-11-11 17:07:24 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Google
    [2010-09-30 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\HdO Adventure
    [2010-11-06 20:12:02 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Identities
    [2010-09-03 14:21:59 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\InstallShield
    [2011-04-14 17:53:15 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Intuit Canada
    [2010-11-06 12:46:03 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\iWin
    [2010-09-30 21:45:43 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Jetdogs Studios
    [2011-07-01 07:07:20 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Jewel Match 3
    [2010-09-30 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\JewelMatch2
    [2010-08-10 16:51:32 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Macromedia
    [2011-01-23 13:41:34 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Malwarebytes
    [2009-07-14 04:00:22 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Media Center Programs
    [2010-09-30 22:11:39 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Merscom
    [2012-01-06 06:11:09 | 000,000,000 | --SD | M] -- C:\Users\lucie\AppData\Roaming\Microsoft
    [2010-12-24 09:57:30 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Mozilla
    [2010-12-24 10:06:07 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\MusicNet
    [2010-08-13 00:37:07 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Nero
    [2010-08-22 21:49:53 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Notepad++
    [2010-11-15 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Oberon Media
    [2011-04-18 19:29:04 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Orneon
    [2011-01-23 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\PC Tools
    [2010-08-30 19:05:51 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Peace Craft
    [2010-08-16 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\PhotoInPress
    [2011-07-28 12:07:21 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Pi Eye Games
    [2011-08-31 22:41:23 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\PoBros
    [2012-01-29 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Skype
    [2011-11-13 00:08:26 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\skypePM
    [2011-04-13 23:48:09 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\SpinTop Games
    [2012-02-03 23:02:34 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\SumatraPDF
    [2011-04-26 18:58:24 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\SunRay Games
    [2010-08-31 18:14:37 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\TeamViewer
    [2011-10-25 00:10:30 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Template
    [2010-09-30 21:54:51 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\The Inquisitor
    [2011-03-15 08:59:30 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2012-01-29 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\uTorrent
    [2010-09-06 14:59:48 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Vast Studios
    [2011-06-29 09:56:53 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\vlc
    [2011-02-06 17:42:43 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Vogat Interactive
    [2011-07-31 14:17:46 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Windows Live Writer
    [2010-08-15 18:30:41 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\WinRAR
    [2010-08-09 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Yahoo!
    [2010-11-06 20:12:02 | 000,000,000 | ---D | M] -- C:\Users\lucie\AppData\Roaming\Zylom

    < %APPDATA%\*.exe /s >
    [2011-03-15 08:58:24 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\lucie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2010-08-31 19:32:41 | 000,010,134 | R--- | M] () -- C:\Users\lucie\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2011-07-07 02:28:22 | 001,193,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FM20.DLL

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:5BC73C48
    @Alternate Data Stream - 297 bytes -> C:\ProgramData\TEMP:F21B6EAC
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:82CC2E16
    @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:D FC5A2B2
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F9EDCFB0
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E6C6EB3B
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:57B374AB
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5CE65446
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9B9085E9
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:17D88661
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:64170090
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E0F0F1BE
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E9FAC3AB
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7B52659E
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1709732A
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:082EF53F
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C3C72D5F
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E945C214
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:12D2EB9C
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3B812EE0
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:47FE7AB7

    < End of report >


    For reports, please use this online report service: upload the file via "Browse" and simply post the link you get.

