Help virus BrowserModifier:Win32/Zwangi

Closed
mimibuils31 Posts: 5 Registration date: Monday 13 August 2012 Status: Member Last activity: 13 August 2012 - Edited by mimibuils31 on 13/08/2012 at 10:44
mimibuils31 Posts: 5 Registration date: Monday 13 August 2012 Status: Member Last activity: 13 August 2012 - 13 August 2012 at 21:25
Hello,
For some time now, my laptop has been very slow and has been heating up abnormally. I am afraid I am infected by one or more viruses. Thank you in advance for any help you can give me.



4 replies

Anonymous user
13 August 2012 at 10:39
Hello,

If it is heating up, that has nothing to do with a virus. Try cleaning your computer; see the bottom of this page:

http://poloastucien.free.fr/nettoyer_depoussierer_son_pc_h.html

Download AdwCleaner (by Xplode) to your Desktop.
http://www.general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner
* Run it, click Suppression (Delete), then wait while the scan runs.
* Once the scan is finished, a report will open: post it in your next reply.

Next:

You have SUPERAntiSpyware!!!

Uninstall the one you no longer want!

My personal opinion... keep Malwarebytes and uninstall SUPERAntiSpyware!

Download >-> Malwarebytes <-< here: https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html

--> Run the installer and follow the prompts.
(install it with its default settings)

--> Once it is installed, open it (in administrator mode on Windows Vista/7)

--> Click the Update tab and update it (otherwise it is ineffective),

--> Go back to the Scan tab and run a full scan,

--> If an infection is found, you can click Show Selection, then >> Delete Selection (if a restart is requested, accept it)

--> After the restart, a report will be generated. Post it here, please.
0
mimibuils31 Posts: 5 Registration date: Monday 13 August 2012 Status: Member Last activity: 13 August 2012
13 August 2012 at 11:07
Thanks for your help. Here is the AdwCleaner report.


# AdwCleaner v1.800 - Rapport créé le 13/08/2012 à 10:53:19
# Mis à jour le 01/08/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : User - ACER
# Exécuté depuis : D:\Downloads\adwcleaner (1).exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\ProgramData\Trymedia
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\GamesBar
Dossier Supprimé : C:\Program Files\I Want This

***** [Registre] *****

[*] Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clé Supprimée : HKCU\Software\AppDataLow\Software\Freecause
Clé Supprimée : HKCU\Software\AppDataLow\Software\I Want This
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Toolbar
Clé Supprimée : HKCU\Software\Ask&Record
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Cr_Installer
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\Offerbox
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\Spointer
Clé Supprimée : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Clé Supprimée : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\GamesBarSetup
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Clé Supprimée : HKLM\SOFTWARE\Iminent
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]

***** [Registre - GUID] *****


***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.19272

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v21.0.1180.75

*************************

AdwCleaner[S1].txt - [294 octets] - [13/08/2012 10:51:14]
AdwCleaner[S2].txt - [11052 octets] - [13/08/2012 10:53:19]

########## EOF - C:\AdwCleaner[S2].txt - [11181 octets] ##########
0
Anonymous user
13 August 2012 at 12:57
OK, I'm waiting for the Malwarebytes report before the next step!

* Download ZHPDiag (by Nicolas Coolman): https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
* Run it (if you are on Windows Vista or Windows 7, do this with a right-click --> Run as administrator)
* Follow the prompts during installation (remember to tick the box to create a shortcut on the Desktop). It will launch automatically at the end of the installation.
* Click the magnifying-glass icon ("Lancer le diagnostic", i.e. start the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Go to this site: http://pjjoint.malekal.com/ , click "Parcourir" (Browse), select the ZHPDiag report and click Send the file. Wait while the file uploads, then copy/paste the link provided into your next reply on the forum.

See you later
0
Uninstall the unneeded programs! You have a lot of them!

1/
Copy all the text shown in bold below (select it with your mouse, right-click it and choose "Copy", or press Ctrl+C):

[MD5.00000000000000000000000000000000] [APT] [{6A205349-3DD0-41EE-809D-DA67256EE0C9}] (...) -- C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0HCS833\zyngaIE_toolbar[1].exe (.not file.)
O43 - CFD: 11/12/2011 - 14:27:33 - [0,000] ----D C:\ProgramData\Symantec

FirewallRAZ
EmptyTemp
EmptyFlash


Then launch ZHPFix from the Desktop shortcut.

* Once the ZHPFix tool is open, click the [ H ] button ("coller les lignes Helper", i.e. paste the Helper lines).

* In the main box you will then see the lines you copied earlier appear.

Check that all the lines I asked you to copy (and only those) are in the window.

Click the GO button.

Copy/paste the report shown on screen into your next message.
0
mimibuils31 Posts: 5 Registration date: Monday 13 August 2012 Status: Member Last activity: 13 August 2012
13 August 2012 at 21:25
Rapport de ZHPFix 1.2.07 par Nicolas Coolman, Update du 20/07/2012
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-13-08-2012-21-22-02.txt
Run by User at 13/08/2012 21:21:56
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Valeur(s) du Registre ==========
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

========== Dossier(s) ==========
SUPPRIME Reboot Folder**: C:\ProgramData\Symantec
SUPPRIME Temporaires Windows:
SUPPRIME Flash Cookies:

========== Fichier(s) ==========
ABSENT Folder/File: c:\users\use 0000000] d-da67256ee0c9}] (...) -- c:\users\user\appdata\local\microsoft\windows\tempor
SUPPRIME Temporaires Windows:
SUPPRIME Flash Cookies:

========== Tache planifiée ==========
SUPPRIME Task: {6A205349-3DD0-41EE-809D-DA67256EE0C9}


========== Récapitulatif ==========
3 : Valeur(s) du Registre
3 : Dossier(s)
3 : Fichier(s)
1 : Tache planifiée


End of clean in 00mn 05s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 13/08/2012 21:21:56 [1193]
0
mimibuils31 Posts: 5 Registration date: Monday 13 August 2012 Status: Member Last activity: 13 August 2012
13 August 2012 at 14:03
Here is the second report.


Malwarebytes Anti-Malware (Essai) 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.08.13.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
User :: ACER [administrateur]

Protection: Activé

13/08/2012 11:16:02
mbam-log-2012-08-13 (11-16-02).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 359110
Temps écoulé: 1 heure(s), 27 minute(s), 45 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790577B676545331AC91 (Malware.Trace) -> Données: -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 8
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Users\User\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\User\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\User\AppData\Local\I Want This (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\User\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 6
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome.manifest (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\install.rdf (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome\questdns.jar (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences\prefs.js (Adware.QuestDns) -> Mis en quarantaine et supprimé avec succès.
C:\Users\User\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.
C:\Users\User\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
OK, I'm waiting for the ZHPDiag report!

How is the PC behaving?
0
mimibuils31 Posts: 5 Registration date: Monday 13 August 2012 Status: Member Last activity: 13 August 2012
13 August 2012 at 14:59
The PC is behaving well. Here is the other report, but I don't know whether I did it correctly.


Rapport de ZHPDiag v1.31.13 par Nicolas Coolman, Update du 31/07/2012
Run by User at 13/08/2012 14:15:04
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Version à jour.


---\\ Web Browser
MSIE: Internet Explorer v

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6CJ97
Windows License : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (35% free)
System Restore: Inconnu (Unknown)
System drive C: has 60 GB (54%) free of 111 GB

---\\ Logged in mode
~ Computer Name: ACER
~ User Name: User
~ All Users Names: User, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : D:\Desktop\
~ %Favorites% : D:\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 60 Go of 111 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 79 Go of 110 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3055
~ Mes musiques (My Musics) : 1/191
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/57
~ Mes Documents (My Documents) : 2/1742
~ Mon Bureau (My Desktop) : 1/121
~ Menu demarrer (Programs) : 1/41
~ Scan Hidden Files in 00mn 10s



---\\ Processus lancés
~ Scan Processes Running in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl
G0 - GCSP: Preference [User Data\Default] https://www.google.com/?gws_rd=ssl
G1 - GCS: Preference [User Data\Default] None
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.5".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN:Firefox Plugin Navigator . (.NOS Microsystems Ltd. - getplusplusadobe16291.) -- C:\Program Files\Mozilla Firefox\Plugins\np_gp.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
P2 - FPN: [HKCU] [f4-group.com/F4WebPlugin] - (.F4 - F4 Web Plugin 0.2.20.) -- C:\Users\User\AppData\Roaming\F4\F4WebPlugin\npF4WebPlugin.dll
~ Scan Firefox Browser in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.F4 - F4 Web Plugin 0.2.20.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} . (.F4 - F4 Web Plugin 0.2.20.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.F4 - F4 Web Plugin 0.2.20.) (No version) -- (.not file.)
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\ccleaner.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] . (.Sony Ericsson - Sony Ericsson PC Companion.) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [CollaborationHost] . (.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\ccleaner.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [Sony Ericsson PC Companion] . (.Sony Ericsson - Sony Ericsson PC Companion.) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [CollaborationHost] . (.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3892284054-1420423189-2602620107-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\User\Desktop\Acer GameZone Online.lnk - Clé orpheline
O4 - Global Startup: C:\Users\User\Desktop\Dofus 2.lnk . (...) -- C:\Program Files\Dofus 2\app\UpLauncher.exe (.not file.)
O4 - Global Startup: C:\Users\User\Desktop\Jeux sur Orange.fr.lnk - Clé orpheline
O4 - Global Startup: C:\Users\User\Desktop\PhotoFiltre 7.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre 7\PhotoFiltre7.exe
O4 - Global Startup: C:\Users\User\Desktop\SWF & FLV Player.lnk . (...) -- C:\Program Files\Eltima Software\SWF & FLV Player\swf_player.exe (.not file.)
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\e-Carte Bleue Banque Populaire.lnk . (.Orbiscom Ltd. All rights reserved..) -- C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\monAlbumPhoto.lnk . (.monAlbumPhoto.) -- C:\Program Files\monAlbumPhoto\monAlbumPhoto.exe
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Scan Global Startup in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\Office\WINWORD.exe (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\Wallpaper\img34.jpg
~ Scan Desktop Component in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3892284054-1420423189-2602620107-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3892284054-1420423189-2602620107-1000UA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{A112556B-3DF7-4E4E-8143-FF31EA6055DE}.job
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-3892284054-1420423189-2602620107-1000Core] (.Facebook Inc..) -- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-3892284054-1420423189-2602620107-1000UA] (.Facebook Inc..) -- C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.07C3A68C0D105B31EBA80FE363E7ED82] [APT] [{09081CD0-6F2B-4D29-A574-A4A4F770C64C}] (...) -- D:\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_fr.exe
[MD5.18710A96C1B08C9CD91872B746F8A647] [APT] [{3BDB6638-1100-405D-9592-A60B75A73928}] (.LG Electronics.) -- D:\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe
[MD5.18710A96C1B08C9CD91872B746F8A647] [APT] [{48EB4808-1477-4ACC-AC19-45869BC0D70A}] (.LG Electronics.) -- D:\Downloads\LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All(3).exe
[MD5.00000000000000000000000000000000] [APT] [{6A205349-3DD0-41EE-809D-DA67256EE0C9}] (...) -- C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0HCS833\zyngaIE_toolbar[1].exe (.not file.)
[MD5.187E0D2AB859AD03393DDD731076BE81] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
~ Scan Scheduled Task in 00mn 16s



---\\ Composants installés (ActiveSetup Installed Components) (O40) (None)

---\\ Logiciels installés (O42)
O42 - Logiciel: PhotoFiltre 7 - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre 7

---\\ HKCU & HKLM Software Keys
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/08/2010 - 21:25:34 - [0,567] ----D C:\Users\User\AppData\Roaming\moovida-1
O43 - CFD: 17/03/2012 - 20:23:27 - [4,817] ----D C:\Users\User\AppData\Roaming\Nosibay
O43 - CFD: 03/06/2010 - 15:15:33 - [0,027] ----D C:\Users\User\AppData\Roaming\Oberonv1002
O43 - CFD: 23/03/2010 - 11:42:50 - [0,019] ----D C:\Users\User\AppData\Roaming\Oberonv1002fr
O43 - CFD: 17/09/2010 - 15:53:11 - [0,000] ----D C:\Users\User\AppData\Roaming\OfferBox
O43 - CFD: 06/03/2010 - 13:02:51 - [3,475] ----D C:\Users\User\AppData\Roaming\OpenOffice.org
O43 - CFD: 05/12/2011 - 10:59:00 - [0,018] ----D C:\Users\User\AppData\Roaming\Orneon
O43 - CFD: 19/01/2011 - 21:23:09 - [0,018] ----D C:\Users\User\AppData\Roaming\PeaceCraft2
O43 - CFD: 17/07/2011 - 12:32:52 - [0] ----D C:\Users\User\AppData\Roaming\PeerNetworking
O43 - CFD: 01/04/2011 - 11:42:14 - [0,011] ----D C:\Users\User\AppData\Roaming\Phantasmat_oberon_se
O43 - CFD: 17/03/2012 - 20:27:33 - [0,002] ----D C:\Users\User\AppData\Roaming\PhotoFiltre 7
O43 - CFD: 28/11/2011 - 22:26:49 - [1,452] ----D C:\Users\User\AppData\Roaming\PlayFirst
O43 - CFD: 18/11/2011 - 13:33:58 - [0,188] ----D C:\Users\User\AppData\Roaming\playmink
O43 - CFD: 26/03/2010 - 11:51:37 - [0,002] ----D C:\Users\User\AppData\Roaming\PoBros
O43 - CFD: 05/05/2010 - 21:20:54 - [0,017] ----D C:\Users\User\AppData\Roaming\Princess Isabella
O43 - CFD: 20/11/2011 - 14:59:28 - [0,094] ----D C:\Users\User\AppData\Roaming\Rainbow
O43 - CFD: 20/01/2011 - 09:21:48 - [0,020] ----D C:\Users\User\AppData\Roaming\Realore_Whiterra Roads Of Rome 2
O43 - CFD: 13/10/2010 - 21:04:39 - [0] ----D C:\Users\User\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
O43 - CFD: 05/05/2010 - 09:38:11 - [0,009] ----D C:\Users\User\AppData\Roaming\RobinsonCrusoe
O43 - CFD: 27/03/2011 - 08:46:07 - [0,887] ----D C:\Users\User\AppData\Roaming\Sahmon Games
O43 - CFD: 21/03/2010 - 11:01:18 - [0,036] ----D C:\Users\User\AppData\Roaming\SerpentOfIsis
O43 - CFD: 24/06/2010 - 08:35:11 - [0,147] ----D C:\Users\User\AppData\Roaming\Settlement. Colossus
O43 - CFD: 31/01/2011 - 13:11:04 - [0,002] ----D C:\Users\User\AppData\Roaming\SevenSails
O43 - CFD: 04/10/2010 - 09:46:06 - [0,053] ----D C:\Users\User\AppData\Roaming\Silverback Productions
O43 - CFD: 11/03/2011 - 12:04:28 - [0,055] ----D C:\Users\User\AppData\Roaming\Skunk Studios
O43 - CFD: 23/02/2012 - 19:55:30 - [4,286] ----D C:\Users\User\AppData\Roaming\Skype
O43 - CFD: 01/12/2010 - 09:24:45 - [215,172] ----D C:\Users\User\AppData\Roaming\Sony
O43 - CFD: 19/12/2010 - 14:32:35 - [0,010] ----D C:\Users\User\AppData\Roaming\Sony Ericsson
O43 - CFD: 07/12/2011 - 14:25:35 - [0,938] ----D C:\Users\User\AppData\Roaming\SulusGames
O43 - CFD: 27/05/2010 - 11:58:25 - [0,021] ----D C:\Users\User\AppData\Roaming\Super-Cow
O43 - CFD: 17/04/2010 - 20:00:34 - [0,008] ----D C:\Users\User\AppData\Roaming\Template
O43 - CFD: 16/11/2011 - 17:11:28 - [38,627] ----D C:\Users\User\AppData\Roaming\Ten Heavens
O43 - CFD: 15/11/2010 - 14:42:46 - [0,002] ----D C:\Users\User\AppData\Roaming\TheGreatPharaoh
O43 - CFD: 15/10/2011 - 17:04:03 - [0,001] ----D C:\Users\User\AppData\Roaming\ThreeDays2
O43 - CFD: 26/03/2010 - 09:39:33 - [0,005] ----D C:\Users\User\AppData\Roaming\TitanicMystery
O43 - CFD: 25/01/2011 - 14:00:29 - [0,031] ----D C:\Users\User\AppData\Roaming\TOMI2.THE GATES OF FATE
O43 - CFD: 04/11/2011 - 17:02:25 - [0,030] ----D C:\Users\User\AppData\Roaming\Vast Studios
O43 - CFD: 17/03/2010 - 17:04:42 - [0,005] ----D C:\Users\User\AppData\Roaming\Virtual City
O43 - CFD: 17/03/2010 - 10:44:55 - [0,013] ----D C:\Users\User\AppData\Roaming\VisualShape
O43 - CFD: 25/02/2012 - 11:33:10 - [0,170] ----D C:\Users\User\AppData\Roaming\vlc
O43 - CFD: 19/11/2011 - 21:06:28 - [0,004] ----D C:\Users\User\AppData\Roaming\WendigoStudios
O43 - CFD: 01/03/2011 - 17:34:10 - [0] ----D C:\Users\User\AppData\Roaming\WinRAR
O43 - CFD: 19/05/2010 - 20:04:29 - [0] ----D C:\Users\User\AppData\Roaming\Yahoo!
O43 - CFD: 19/11/2011 - 07:36:25 - [0,235] ----D C:\Users\User\AppData\Roaming\YoudaGames
O43 - CFD: 24/06/2010 - 08:34:53 - [0,252] ----D C:\Users\User\AppData\Roaming\Zylom
O43 - CFD: 07/03/2010 - 23:07:15 - [0,007] ----D C:\Users\User\AppData\Local\Acer Arcade Deluxe
O43 - CFD: 06/03/2010 - 11:39:34 - [0,008] --H-D C:\Users\User\AppData\Local\acer eNM
O43 - CFD: 03/03/2012 - 19:56:13 - [0,246] ----D C:\Users\User\AppData\Local\Adobe
O43 - CFD: 24/11/2010 - 18:13:43 - [0] ----D C:\Users\User\AppData\Local\Apple
O43 - CFD: 09/01/2011 - 20:08:11 - [27,899] ----D C:\Users\User\AppData\Local\Apple Computer
O43 - CFD: 06/03/2010 - 11:36:43 - [0] ----D C:\Users\User\AppData\Local\Application Data
O43 - CFD: 31/01/2011 - 09:40:17 - [0,659] ----D C:\Users\User\AppData\Local\Astar Games
O43 - CFD: 27/06/2012 - 14:33:20 - [0,005] ----D C:\Users\User\AppData\Local\Conduit
O43 - CFD: 03/10/2010 - 22:23:59 - [0,670] ----D C:\Users\User\AppData\Local\Deadtime Stories
O43 - CFD: 01/12/2010 - 09:34:41 - [15,988] ----D C:\Users\User\AppData\Local\Downloaded Installations
O43 - CFD: 25/01/2012 - 13:47:44 - [0] ----D C:\Users\User\AppData\Local\EBP
O43 - CFD: 26/05/2010 - 08:48:22 - [1,106] ----D C:\Users\User\AppData\Local\ESET
O43 - CFD: 13/06/2012 - 19:17:30 - [93,953] ----D C:\Users\User\AppData\Local\F4
O43 - CFD: 17/10/2011 - 19:55:06 - [7,396] ----D C:\Users\User\AppData\Local\Facebook
O43 - CFD: 07/11/2010 - 19:07:18 - [498,868] ----D C:\Users\User\AppData\Local\FLVService
O43 - CFD: 22/04/2012 - 15:58:08 - [304,679] ----D C:\Users\User\AppData\Local\Google
O43 - CFD: 28/04/2010 - 17:09:48 - [0,042] ----D C:\Users\User\AppData\Local\Grubby Games
O43 - CFD: 06/03/2010 - 11:36:43 - [0] ----D C:\Users\User\AppData\Local\Historique
O43 - CFD: 19/10/2011 - 17:21:20 - [0] ----D C:\Users\User\AppData\Local\JollyBear
O43 - CFD: 07/03/2010 - 22:04:42 - [0,004] ----D C:\Users\User\AppData\Local\LostKing
O43 - CFD: 07/11/2010 - 21:03:20 - [913,105] ----D C:\Users\User\AppData\Local\Microsoft
O43 - CFD: 14/07/2011 - 22:06:26 - [1,670] ----D C:\Users\User\AppData\Local\Microsoft Games
O43 - CFD: 24/08/2011 - 11:40:13 - [0,101] ----D C:\Users\User\AppData\Local\Microsoft Help
O43 - CFD: 28/09/2011 - 08:21:03 - [0,003] ----D C:\Users\User\AppData\Local\monAlbumPhoto
O43 - CFD: 13/08/2010 - 21:25:37 - [0,124] ----D C:\Users\User\AppData\Local\moovida Air
O43 - CFD: 06/03/2010 - 12:56:57 - [0] ----D C:\Users\User\AppData\Local\Mozilla
O43 - CFD: 18/07/2010 - 17:51:03 - [113,896] ----D C:\Users\User\AppData\Local\Nick Chase A Detective Story
O43 - CFD: 21/03/2010 - 19:02:18 - [0,000] ----D C:\Users\User\AppData\Local\Oberon Games
O43 - CFD: 19/04/2011 - 16:15:27 - [0,171] ----D C:\Users\User\AppData\Local\Oberon Media
O43 - CFD: 22/04/2011 - 16:48:27 - [0] ----D C:\Users\User\AppData\Local\PackageAware
O43 - CFD: 25/03/2010 - 17:07:56 - [0,007] ----D C:\Users\User\AppData\Local\PlayMovie
O43 - CFD: 07/03/2010 - 23:07:08 - [0] ----D C:\Users\User\AppData\Local\PowerCinema
O43 - CFD: 01/12/2010 - 09:31:46 - [0,014] ----D C:\Users\User\AppData\Local\Sony
O43 - CFD: 07/02/2011 - 09:46:56 - [0] ----D C:\Users\User\AppData\Local\Sony Ericsson
O43 - CFD: 25/03/2010 - 12:01:15 - [0] ----D C:\Users\User\AppData\Local\STARGAZE_IMAGE_CACHE
O43 - CFD: 05/11/2011 - 19:01:27 - [0,015] ----D C:\Users\User\AppData\Local\Tales of Lagoona
O43 - CFD: 13/08/2012 - 14:14:43 - [0,741] ----D C:\Users\User\AppData\Local\Temp
O43 - CFD: 06/03/2010 - 11:36:43 - [0] ----D C:\Users\User\AppData\Local\Temporary Internet Files
O43 - CFD: 10/03/2010 - 15:56:31 - [124,323] ----D C:\Users\User\AppData\Local\VirtualStore
O43 - CFD: 07/11/2010 - 19:33:34 - [0,047] ----D C:\Users\User\AppData\Local\Windows Live
O43 - CFD: 22/04/2012 - 16:00:09 - [0,250] ----D C:\Users\User\AppData\Local\WinZip
O43 - CFD: 12/09/2010 - 19:39:28 - [0] ----D C:\Users\User\AppData\Local\Zylom Games
O43 - CFD: 27/01/2011 - 21:51:36 - [0,116] ----D C:\Users\User\AppData\Local\Zynga
O43 - CFD: 17/03/2012 - 20:22:37 - [0,015] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 08/11/2011 - 11:36:45 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer GameZone
O43 - CFD: 06/03/2010 - 11:38:48 - [0,000] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 18/03/2008 - 14:00:03 - [0,007] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerProducer
O43 - CFD: 13/10/2010 - 19:26:50 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dofus 2
O43 - CFD: 08/09/2010 - 20:57:22 - [0,013] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
O43 - CFD: 04/11/2011 - 10:21:32 - [0,004] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macabre Mysteries - La Malediction du Theatre Nightingale Edition Collector
O43 - CFD: 21/01/2008 - 04:42:46 - [0,001] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/03/2010 - 13:06:28 - [0,003] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Satsuki Decoder Pack
O43 - CFD: 19/05/2010 - 19:47:49 - [0,000] R---D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 51s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A94869F5F38B10E7FCB45E76932C1B31] - 13/08/2012 - 13:03:54 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1502712]
O44 - LFC:[MD5.FB39FC62CCFA57807D0A03A1EF33DF6C] - 13/08/2012 - 13:03:54 ---A- . (...) -- C:\Windows\System32\perfc009.dat [105320]
O44 - LFC:[MD5.C5A777C3C919E119B57E71354114150B] - 13/08/2012 - 13:03:54 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [127876]
O44 - LFC:[MD5.ED960BFD3F3A3A9A6A8B29B1535AEA51] - 13/08/2012 - 13:03:54 ---A- . (...) -- C:\Windows\System32\perfh009.dat [598346]
O44 - LFC:[MD5.DE5F0E164B4B2056B78C276D79C0EA76] - 13/08/2012 - 13:03:54 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [681392]
O44 - LFC:[MD5.F850B86B2C731B81816529ADFB8C5C26] - 13/08/2012 - 13:01:55 ---A- . (...) -- C:\Windows\WindowsUpdate.log [2075356]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 13/08/2012 - 12:59:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\Drivers\mbamswissarmy.sys [40776]
O44 - LFC:[MD5.18A4E792AB58B8DBDBE8A761429A5E3E] - 13/08/2012 - 12:57:10 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.475C5696A04C5F15F37139947E2DF85A] - 13/08/2012 - 12:57:07 ---A- . (...) -- C:\Windows\PFRO.log [15836]
O44 - LFC:[MD5.6DFE7F2E8E8A337263AA5C92A215F161] - 13/08/2012 - 10:12:25 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [22344]
O44 - LFC:[MD5.9FA1E46C03C9A174BDE05BFCE07BBF3B] - 13/08/2012 - 09:53:33 ---A- . (...) -- C:\AdwCleaner[S2].txt [11183]
O44 - LFC:[MD5.5F94BF9548C5533A7ADCB597072CC83A] - 13/08/2012 - 09:51:14 ---A- . (...) -- C:\AdwCleaner[S1].txt [294]
O44 - LFC:[MD5.44BA19D5F763757A05DCF03E6D599A77] - 12/08/2012 - 08:53:28 ---A- . (...) -- C:\Windows\setupact.log [695]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/08/2012 - 08:53:24 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.BDEF95D41FBB7C69E8496E4099C6DF02] - 03/08/2012 - 02:26:18 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [407240]
O44 - LFC:[MD5.8965BB8B1E0B01999EFF61332F222803] - 03/08/2012 - 02:06:28 ---A- . (...) -- C:\Windows\win.ini [240]
~ Scan Files in 00mn 28s



---\\ Contrôle du Safe Boot (CSB) (O49) (None)

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{017357cd-28f9-11df-8916-806e6f6e6963}\AutoRun\command. (...) -- E:\Install.exe (.not file.)
O51 - MPSK:{3b440428-e122-11e1-9ce3-ad769807ae89}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{711c6e24-389f-11df-90f9-f34e2674993c}\AutoRun\command. (...) -- F:\installer.exe (.not file.)
O51 - MPSK:{77b484df-bc07-11df-8513-855e5b1cc831}\AutoRun\command. (...) -- I:\WD SmartWare.exe (.not file.)
O51 - MPSK:{a052819e-ef00-11df-be90-9ae6c9379a21}\AutoRun\command. (...) -- G:\Startme.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53) (None)

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Scan Drivers in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68) (None)

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {85CC851B-CFEB-48CF-BB4C-3324357B8BA0} - (Web Search) - http://search.freecause.com
O69 - SBI: SearchScopes [HKCU] {AA410A32-AE02-49E5-9E22-FA277ECFD301} - (Ask Search) -