angelus1717


  1. OK, thanks again for your help, kisses
  2. Here's the baby!!! LOL CJoint.com link BGArKcFdf0K
  3. And here's what you asked for!!! LOL CJoint.com link BGArkhNlM1O
  4. Here's what you asked me for, CJoint.com link BGAqJTyz8fa
  5. Ah OK, I'm downloading Avast now and I'll post what you asked for as soon as I have it
  6. Which antivirus do you recommend? Because I only have the last program you told me to download!!
  7. Back again. Well, good news: the missile can stay in its shelter for now!! Kaspersky finally cleaned everything!!! Yessssssssss. Thank you for all your valuable advice, big kisses
  8. Back again. To be safe I reran MBAM as a full scan and, surprise, the little bug is still there, grrrr. Here is the scan report:

     Malwarebytes Anti-Malware (Essai) 1.62.0.1300
     www.malwarebytes.org
     Version de la base de données: v2012.07.25.08
     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Nanou :: NANOU-PC [administrateur]
     Protection: Désactivé
     26/07/2012 14:37:31
     mbam-log-2012-07-26 (14-37-31).txt
     Type d'examen: Examen complet (C:\|)
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 308990
     Temps écoulé: 18 minute(s), 50 seconde(s)
     Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté)
     Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     Fichier(s) détecté(s): 1
     C:\Users\Nanou\Desktop\RK_Quarantine\00000008.@.vir (Trojan.Dropper.BCMiner) -> Mis en quarantaine et supprimé avec succès.
     (fin)

     I deleted it from quarantine and after a reboot it keeps reappearing; I don't know what to do anymore
  9. Back again, reboot done, here is the MBAM report:

     Malwarebytes Anti-Malware (Essai) 1.62.0.1300
     www.malwarebytes.org
     Version de la base de données: v2012.07.25.08
     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Nanou :: NANOU-PC [administrateur]
     Protection: Désactivé
     26/07/2012 14:27:10
     mbam-log-2012-07-26 (14-27-10).txt
     Type d'examen: Examen rapide
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 185068
     Temps écoulé: 3 minute(s), 5 seconde(s)
     Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté)
     Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     (fin)

     I'm rerunning my antivirus; thank you very much for your help, kisses
  10. Here it is:

     RogueKiller V7.6.4 [17/07/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: tigzy-RK
     Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Nanou [Droits d'admin]
     Mode: Suppression -- Date: 26/07/2012 14:02:51
     ¤¤¤ Processus malicieux: 0 ¤¤¤
     ¤¤¤ Entrees de registre: 3 ¤¤¤
     [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Nanou\AppData\Local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
     [ZeroAccess][FILE] @ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\@ --> REMOVED AT REBOOT
     [Del.Parent][FILE] 00000004.@ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\00000004.@ --> REMOVED
     [Del.Parent][FILE] 00000008.@ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\00000008.@ --> REMOVED
     [Del.Parent][FILE] 000000cb.@ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\000000cb.@ --> REMOVED
     [Del.Parent][FILE] 80000000.@ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\80000000.@ --> REMOVED
     [Del.Parent][FILE] 80000032.@ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\80000032.@ --> REMOVED
     [Del.Parent][FILE] 80000064.@ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\80000064.@ --> REMOVED
     [ZeroAccess][FOLDER] U : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U --> REMOVED
     [Del.Parent][FILE] 00000004.@ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L\00000004.@ --> REMOVED
     [Del.Parent][FILE] 1afb2d56 : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L\1afb2d56 --> REMOVED
     [Del.Parent][FILE] 201d3dde : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L\201d3dde --> REMOVED
     [Del.Parent][FILE] 55490ac4 : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L\55490ac4 --> REMOVED
     [ZeroAccess][FOLDER] L : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L --> REMOVED
     [ZeroAccess][FILE] @ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\@ --> REMOVED
     [Del.Parent][FILE] 00000004.@ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\00000004.@ --> REMOVED
     [Del.Parent][FILE] 000000cb.@ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\000000cb.@ --> REMOVED
     [Del.Parent][FILE] 80000000.@ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\80000000.@ --> REMOVED
     [Del.Parent][FILE] 80000032.@ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\80000032.@ --> REMOVED
     [Del.Parent][FILE] 80000064.@ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\80000064.@ --> REMOVED
     [ZeroAccess][FOLDER] U : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U --> REMOVED
     [Del.Parent][FILE] 00000004.@ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L\00000004.@ --> REMOVED
     [ZeroAccess][FOLDER] L : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L --> REMOVED
     [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
     [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED AT REBOOT
     ¤¤¤ Driver: [NON CHARGE] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ Fichier HOSTS: ¤¤¤
  11. Here is the report you asked me for; thank you very much for your help

     RogueKiller V7.6.4 [17/07/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/57)
     Blog: tigzy-RK
     Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
     Demarrage : Mode normal
     Utilisateur: Nanou [Droits d'admin]
     Mode: Recherche -- Date: 26/07/2012 13:52:02
     ¤¤¤ Processus malicieux: 0 ¤¤¤
     ¤¤¤ Entrees de registre: 3 ¤¤¤
     [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Nanou\AppData\Local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\n.) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
     [ZeroAccess][FILE] @ : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\windows\installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L --> FOUND
     [ZeroAccess][FILE] @ : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\users\nanou\appdata\local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\L --> FOUND
     [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
     [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
     ¤¤¤ Driver: [NON CHARGE] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ Fichier HOSTS: ¤¤¤
     ¤¤¤ MBR Verif: ¤¤¤
     +++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
     --- User ---
     [MBR] 4e12e8b4f9d23e660c4e62f3b6374dad
     [bSP] 6e05f89a61bda317e69a021879fc1a28 : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16 | Size: 482082 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 987305984 | Size: 244407 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1487851520 | Size: 227377 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Termine : << RKreport[1].txt >>
     RKreport[1].txt
  12. Here is the requested report:

     # AdwCleaner v1.703 - Rapport créé le 26/07/2012 à 13:38:49
     # Mis à jour le 20/07/2012 par Xplode
     # Système d'exploitation : Windows 7 Ultimate N (64 bits)
     # Nom d'utilisateur : Nanou - NANOU-PC
     # Exécuté depuis : C:\Users\Nanou\Downloads\adwcleaner(1).exe
     # Option [suppression]
  13. Hello everyone, my PC has been infected with Trojan.Dropper.BCMiner for several days now. I'm on XP. I ran a scan and a cleanup with MBAM and deleted it from quarantine, but when I rerun the scan it reappears. Here is the report:

     Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté)
     Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     Fichier(s) détecté(s): 1
     C:\Windows\Installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\00000008.@ (Malwarebytes Anti-Malware (Essai) 1.62.0.1300
     www.malwarebytes.org
     Version de la base de données: v2012.07.25.08
     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Nanou :: NANOU-PC [administrateur]
     Protection: Désactivé
     26/07/2012 12:09:10
     mbam-log-2012-07-26 (12-09-10).txt
     Type d'examen: Examen complet (C:\|D:\|E:\|)
     Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
     Options d'examen désactivées: P2P
     Elément(s) analysé(s): 313239
     Temps écoulé: 23 minute(s), 41 seconde(s)
     Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté)
     Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté)
     Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté)
     Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté)
     Fichier(s) détecté(s): 1
     C:\Windows\Installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Mis en quarantaine et supprimé avec succès) -> Mis en quarantaine et supprimé avec succès.

     I then ran ZHPDiag; here is its report
(x86)\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [Nanou - 082mlq3d.default] Babylon Search M2 - MFEP: prefs.js [Nanou - 082mlq3d.default\ffxtlbr@babylon.com] [] Babylon v1.1.9 (.Babylon.) M2 - MFEP: prefs.js [Nanou - 082mlq3d.default\plugin@videofiledownload.com] [] VideoFileDownload - Download YouTube Videos v1.5 (.VideoFileDownload.) M2 - MFEP: prefs.js [Nanou - 082mlq3d.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v4.51.0 (.IMinent.) ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Interpréteur de commandes Windows.) (No version) -- (.not file.) 
~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKCU\..\Run: [EPSON SX218 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Nanou\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\Nanou\AppData\Local\Google\Chrome\Application\chrome.exe O4 - Global Startup: C:\Users\Nanou\Desktop\PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe ~ Scan Global Startup in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: Rechercher sur le Web - (.not file.) - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AWC Startup.job [MD5.B04CDA7A51B049A43CB7DBCC8FD0931C] [APT] [AWC Startup] (.IObit.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe [MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeLogonTaskS-1-5-21-2120234448-2191660484-2770733499-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeScheduledTaskS-1-5-21-2120234448-2191660484-2770733499-1000] (.RealNetworks, Inc..) 
-- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe ~ Scan Scheduled Task in 00mn 01s ---\\ Composants installés (ActiveSetup Installed Components) (O40) (None) ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 25/07/2012 - 19:10:57 - [0,827] ----D C:\Program Files (x86)\Accelerer PC O43 - CFD: 30/04/2012 - 14:55:47 - [113,513] ----D C:\Program Files (x86)\Adobe O43 - CFD: 24/04/2012 - 10:38:55 - [0] ----D C:\Program Files (x86)\ASUS O43 - CFD: 23/07/2012 - 17:12:52 - [0,005] ----D C:\Program Files (x86)\BrowserCompanion O43 - CFD: 08/05/2012 - 00:58:30 - [12,770] ----D C:\Program Files (x86)\CDBurnerXP O43 - CFD: 22/06/2012 - 20:15:56 - [77,706] ----D C:\Program Files (x86)\Common Files O43 - CFD: 24/04/2012 - 12:09:19 - [14,375] ----D C:\Program Files (x86)\epson O43 - CFD: 24/04/2012 - 12:12:11 - [160,417] ----D C:\Program Files (x86)\Epson Software O43 - CFD: 05/06/2012 - 08:57:58 - [10,294] ----D C:\Program Files (x86)\GameSpy Arcade O43 - CFD: 23/07/2012 - 09:19:33 - [8,440] ----D C:\Program Files (x86)\Gulliland O43 - CFD: 24/04/2012 - 12:12:10 - [15,928] --H-D C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 25/06/2012 - 04:33:36 - [4,917] ----D C:\Program Files (x86)\Internet Explorer O43 - CFD: 05/06/2012 - 08:42:38 - [22,321] ----D C:\Program Files (x86)\IObit O43 - CFD: 18/05/2012 - 14:59:22 - [84,573] ----D C:\Program Files (x86)\Java O43 - CFD: 24/07/2012 - 11:49:29 - [4,447] ----D C:\Program Files (x86)\LogMeIn Hamachi O43 - CFD: 25/07/2012 - 19:04:09 - [11,720] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware O43 - CFD: 25/06/2012 - 04:32:30 - [36,641] ----D C:\Program Files (x86)\Microsoft Silverlight O43 - CFD: 29/06/2012 - 03:02:39 - [0,015] ----D C:\Program Files (x86)\Microsoft.NET O43 - CFD: 08/05/2012 - 21:31:47 - [102,539] ----D C:\Program Files (x86)\Mobile Action O43 - CFD: 05/06/2012 - 08:57:59 - [37,551] ----D C:\Program Files (x86)\Mozilla Firefox O43 - CFD: 
14/07/2009 - 07:38:15 - [0,025] ----D C:\Program Files (x86)\MSBuild O43 - CFD: 13/05/2012 - 18:50:37 - [0] ----D C:\Program Files (x86)\MSXML 4.0 O43 - CFD: 24/04/2012 - 10:36:33 - [99,891] ----D C:\Program Files (x86)\NVIDIA Corporation O43 - CFD: 20/07/2012 - 21:03:20 - [0,001] ----D C:\Program Files (x86)\OApps O43 - CFD: 18/05/2012 - 14:45:38 - [0] ----D C:\Program Files (x86)\OpenOffice.org 3 O43 - CFD: 24/06/2012 - 21:34:14 - [23,494] ----D C:\Program Files (x86)\PhotoScape O43 - CFD: 04/05/2012 - 09:22:12 - [94,434] ----D C:\Program Files (x86)\Real O43 - CFD: 24/04/2012 - 10:19:55 - [2,563] ----D C:\Program Files (x86)\Realtek O43 - CFD: 14/07/2009 - 07:38:15 - [36,809] ----D C:\Program Files (x86)\Reference Assemblies O43 - CFD: 20/07/2012 - 21:38:02 - [0] ----D C:\Program Files (x86)\Software O43 - CFD: 18/05/2012 - 14:47:05 - [0] ----D C:\Program Files (x86)\SweetIM O43 - CFD: 16/05/2012 - 19:09:33 - [16,100] ----D C:\Program Files (x86)\TeamViewer O43 - CFD: 20/07/2012 - 19:20:41 - [3,153] --H-D C:\Program Files (x86)\Uninstall Information O43 - CFD: 20/07/2012 - 18:30:04 - [48,373] ----D C:\Program Files (x86)\v-Grabber O43 - CFD: 08/05/2012 - 00:57:18 - [80,949] ----D C:\Program Files (x86)\VideoLAN O43 - CFD: 01/09/2009 - 02:54:30 - [0,500] ----D C:\Program Files (x86)\Windows Defender O43 - CFD: 24/06/2012 - 21:40:28 - [59,478] ----D C:\Program Files (x86)\Windows Live O43 - CFD: 25/06/2012 - 04:34:38 - [5,895] ----D C:\Program Files (x86)\Windows Mail O43 - CFD: 14/07/2009 - 07:38:15 - [11,632] ----D C:\Program Files (x86)\Windows NT O43 - CFD: 01/09/2009 - 02:54:30 - [4,213] ----D C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 01/09/2009 - 02:54:30 - [5,716] ----D C:\Program Files (x86)\Windows Sidebar O43 - CFD: 13/05/2012 - 20:45:49 - [3,881] ----D C:\Program Files (x86)\WinRAR O43 - CFD: 26/07/2012 - 13:14:15 - [12,788] ----D C:\Program Files (x86)\ZHPDiag O43 - CFD: 30/04/2012 - 14:55:51 - [3,652] ----D C:\Program Files (x86)\Common 
Files\Adobe O43 - CFD: 24/04/2012 - 10:27:53 - [3,200] ----D C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 18/05/2012 - 15:00:14 - [1,201] ----D C:\Program Files (x86)\Common Files\Java O43 - CFD: 24/06/2012 - 21:35:25 - [20,481] ----D C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 14/07/2009 - 05:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services O43 - CFD: 14/07/2009 - 05:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 25/06/2012 - 04:35:01 - [9,634] ----D C:\Program Files (x86)\Common Files\System O43 - CFD: 22/06/2012 - 20:15:56 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live O43 - CFD: 04/05/2012 - 09:22:01 - [0,336] ----D C:\Program Files (x86)\Common Files\xing shared O43 - CFD: 20/06/2012 - 08:06:33 - [0,001] ----D C:\ProgramData\ABBYY O43 - CFD: 30/04/2012 - 14:58:54 - [137,377] ----D C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Application Data O43 - CFD: 23/07/2012 - 17:05:11 - [0] ----D C:\ProgramData\Babylon O43 - CFD: 23/07/2012 - 09:20:04 - [0] ----D C:\ProgramData\Big Fish Games O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Bureau O43 - CFD: 08/05/2012 - 00:58:35 - [0] ----D C:\ProgramData\Canneverbe Limited O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Documents O43 - CFD: 26/06/2012 - 18:12:34 - [8,233] ----D C:\ProgramData\EPSON O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Favorites O43 - CFD: 25/07/2012 - 19:04:07 - [8,489] ----D C:\ProgramData\Malwarebytes O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Menu Démarrer O43 - CFD: 24/06/2012 - 21:38:54 - [12,139] -S--D C:\ProgramData\Microsoft O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Modèles O43 - CFD: 05/05/2012 - 18:16:15 - [0] ----D C:\ProgramData\Mozilla 
O43 - CFD: 26/07/2012 - 12:03:01 - [1,982] ----D C:\ProgramData\NVIDIA O43 - CFD: 24/04/2012 - 10:31:09 - [0,547] ----D C:\ProgramData\NVIDIA Corporation O43 - CFD: 04/05/2012 - 09:22:51 - [1,580] ----D C:\ProgramData\Real O43 - CFD: 20/07/2012 - 21:38:02 - [0] ----D C:\ProgramData\Software O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Start Menu O43 - CFD: 14/05/2012 - 19:41:49 - [0,000] ----D C:\ProgramData\Sun O43 - CFD: 23/07/2012 - 09:19:01 - [0,280] ----D C:\ProgramData\Tarma Installer O43 - CFD: 20/07/2012 - 20:11:16 - [0] ---AD C:\ProgramData\TEMP O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Templates O43 - CFD: 24/04/2012 - 12:13:01 - [0,003] ----D C:\ProgramData\UDL O43 - CFD: 23/07/2012 - 17:25:22 - [103,225] ----D C:\Users\Nanou\AppData\Roaming\.minecraft O43 - CFD: 30/04/2012 - 14:58:12 - [2,227] ----D C:\Users\Nanou\AppData\Roaming\Adobe O43 - CFD: 23/07/2012 - 17:05:11 - [0,007] ----D C:\Users\Nanou\AppData\Roaming\Babylon O43 - CFD: 23/07/2012 - 17:12:52 - [0] ----D C:\Users\Nanou\AppData\Roaming\BrowserCompanion O43 - CFD: 08/05/2012 - 00:58:35 - [0,001] ----D C:\Users\Nanou\AppData\Roaming\Canneverbe Limited O43 - CFD: 18/07/2012 - 16:46:10 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\Download Manager O43 - CFD: 26/06/2012 - 18:12:34 - [0,008] ----D C:\Users\Nanou\AppData\Roaming\Epson O43 - CFD: 19/07/2012 - 11:47:36 - [0,341] ----D C:\Users\Nanou\AppData\Roaming\ERS Game Studios O43 - CFD: 20/07/2012 - 21:01:09 - [0,269] ----D C:\Users\Nanou\AppData\Roaming\eType O43 - CFD: 24/04/2012 - 10:02:01 - [0] ----D C:\Users\Nanou\AppData\Roaming\Identities O43 - CFD: 24/04/2012 - 12:11:32 - [0] ----D C:\Users\Nanou\AppData\Roaming\InstallShield O43 - CFD: 25/07/2012 - 19:08:35 - [2,437] ----D C:\Users\Nanou\AppData\Roaming\IObit O43 - CFD: 24/04/2012 - 13:49:28 - [0,002] ----D C:\Users\Nanou\AppData\Roaming\Macromedia O43 - CFD: 25/07/2012 - 19:04:15 - [0,012] ----D C:\Users\Nanou\AppData\Roaming\Malwarebytes O43 - CFD: 
22/06/2012 - 20:32:35 - [3,696] -S--D C:\Users\Nanou\AppData\Roaming\Microsoft O43 - CFD: 08/05/2012 - 21:31:47 - [0,232] ----D C:\Users\Nanou\AppData\Roaming\Mobile Action O43 - CFD: 24/04/2012 - 10:04:59 - [43,780] ----D C:\Users\Nanou\AppData\Roaming\Mozilla O43 - CFD: 18/05/2012 - 14:47:18 - [0,809] ----D C:\Users\Nanou\AppData\Roaming\OfferBox O43 - CFD: 14/05/2012 - 19:49:20 - [1,432] ----D C:\Users\Nanou\AppData\Roaming\OpenOffice.org O43 - CFD: 23/07/2012 - 09:18:18 - [0] ----D C:\Users\Nanou\AppData\Roaming\PerformerSoft O43 - CFD: 03/05/2012 - 18:31:36 - [0,011] ----D C:\Users\Nanou\AppData\Roaming\Phantasmat_bf_se1 O43 - CFD: 19/05/2012 - 22:05:52 - [0,044] ----D C:\Users\Nanou\AppData\Roaming\PhotoScape O43 - CFD: 04/05/2012 - 09:27:24 - [1,200] ----D C:\Users\Nanou\AppData\Roaming\Real O43 - CFD: 14/07/2012 - 00:00:52 - [0,013] ----D C:\Users\Nanou\AppData\Roaming\Realore_Whiterra Roads Of Rome 2 O43 - CFD: 16/05/2012 - 19:58:09 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\TeamViewer O43 - CFD: 08/06/2012 - 17:47:30 - [2,270] ----D C:\Users\Nanou\AppData\Roaming\vlc O43 - CFD: 13/05/2012 - 20:45:56 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\WinRAR O43 - CFD: 24/04/2012 - 12:07:47 - [0] ----D C:\Users\Nanou\AppData\Local\ABBYY O43 - CFD: 30/04/2012 - 14:58:12 - [14,749] ----D C:\Users\Nanou\AppData\Local\Adobe O43 - CFD: 24/04/2012 - 10:00:46 - [0] ----D C:\Users\Nanou\AppData\Local\Application Data O43 - CFD: 26/07/2012 - 11:20:11 - [0,360] ----D C:\Users\Nanou\AppData\Local\Diagnostics O43 - CFD: 26/07/2012 - 11:19:02 - [0] ----D C:\Users\Nanou\AppData\Local\ElevatedDiagnostics O43 - CFD: 24/04/2012 - 10:23:19 - [224,829] ----D C:\Users\Nanou\AppData\Local\Google O43 - CFD: 24/04/2012 - 10:00:46 - [0] ----D C:\Users\Nanou\AppData\Local\Historique O43 - CFD: 26/07/2012 - 10:53:42 - [0,830] ----D C:\Users\Nanou\AppData\Local\LogMeIn Hamachi O43 - CFD: 24/06/2012 - 08:58:03 - [0] ----D C:\Users\Nanou\AppData\Local\Macromedia O43 - CFD: 23/07/2012 - 
17:01:48 - [0,001] ----D C:\Users\Nanou\AppData\Local\Messenger_Plus_Live O43 - CFD: 20/07/2012 - 19:34:24 - [148,554] ----D C:\Users\Nanou\AppData\Local\Microsoft O43 - CFD: 14/07/2012 - 14:57:07 - [0,899] ----D C:\Users\Nanou\AppData\Local\Microsoft Games O43 - CFD: 24/04/2012 - 10:04:56 - [145,719] ----D C:\Users\Nanou\AppData\Local\Mozilla O43 - CFD: 27/06/2012 - 16:35:47 - [0,035] ----D C:\Users\Nanou\AppData\Local\SKIDROW O43 - CFD: 20/07/2012 - 18:27:52 - [0] ----D C:\Users\Nanou\AppData\Local\Software O43 - CFD: 26/07/2012 - 13:12:23 - [89,592] ----D C:\Users\Nanou\AppData\Local\Temp O43 - CFD: 24/04/2012 - 10:00:46 - [0] ----D C:\Users\Nanou\AppData\Local\Temporary Internet Files O43 - CFD: 13/05/2012 - 21:33:19 - [5,086] ----D C:\Users\Nanou\AppData\Local\VirtualStore O43 - CFD: 26/07/2012 - 09:39:51 - [0,027] ----D C:\Users\Nanou\AppData\Local\Windows Live O43 - CFD: 15/07/2012 - 11:24:09 - [0] ----D C:\Users\Nanou\AppData\Local\{0C3F3C0F-F0EA-4651-BD5E-7DE6CED8631F} O43 - CFD: 17/07/2012 - 21:29:09 - [0] ----D C:\Users\Nanou\AppData\Local\{0EC2B41C-3A97-4D20-A596-9B5B75E46077} O43 - CFD: 26/07/2012 - 09:39:48 - [0] ----D C:\Users\Nanou\AppData\Local\{125C5584-0834-4194-A0E1-BD88BE7BFBAD} O43 - CFD: 15/07/2012 - 11:24:20 - [0] ----D C:\Users\Nanou\AppData\Local\{19E06608-3DCC-4067-BF7D-F31547AD4E2C} O43 - CFD: 03/07/2012 - 10:37:25 - [0] ----D C:\Users\Nanou\AppData\Local\{1CC2090A-4D82-4834-B446-A5F606365FB5} O43 - CFD: 14/07/2012 - 10:34:24 - [0] ----D C:\Users\Nanou\AppData\Local\{224A892E-9571-442E-8A41-37F3FD7C20AC} O43 - CFD: 14/07/2012 - 10:34:34 - [0] ----D C:\Users\Nanou\AppData\Local\{24ED1FB9-6683-4F4B-9CDD-69F2FE87F99A} O43 - CFD: 11/07/2012 - 20:33:56 - [0] ----D C:\Users\Nanou\AppData\Local\{29339076-9335-4AAD-BC49-B653777AA8D4} O43 - CFD: 24/06/2012 - 21:44:05 - [0] ----D C:\Users\Nanou\AppData\Local\{2CC5A591-34DE-4600-A70E-ECF07CC9A486} O43 - CFD: 24/06/2012 - 21:43:55 - [0] ----D 
C:\Users\Nanou\AppData\Local\{2CFA4460-6E02-4A46-BDE7-E7BFFD4CE460} O43 - CFD: 10/07/2012 - 16:31:42 - [0] ----D C:\Users\Nanou\AppData\Local\{30B8D537-E715-49F5-9A0A-FD696E57BFDF} O43 - CFD: 30/06/2012 - 11:41:54 - [0] ----D C:\Users\Nanou\AppData\Local\{3925E8B6-7F6A-4689-83FD-F397245C4893} O43 - CFD: 24/06/2012 - 12:02:52 - [0] ----D C:\Users\Nanou\AppData\Local\{3A527BF0-1033-4556-AF22-986F61EDB602} O43 - CFD: 26/06/2012 - 20:14:40 - [0] ----D C:\Users\Nanou\AppData\Local\{3FBB5F57-EFF2-45B3-AB42-8A6C850718F8} O43 - CFD: 28/06/2012 - 21:42:56 - [0] ----D C:\Users\Nanou\AppData\Local\{4CD58552-2EB4-4A4B-A9B2-F5B201533D8E} O43 - CFD: 16/07/2012 - 18:09:29 - [0] ----D C:\Users\Nanou\AppData\Local\{50A5EB6D-BF8B-493C-8CCA-AC53B77CB5AE} O43 - CFD: 12/07/2012 - 12:26:41 - [0] ----D C:\Users\Nanou\AppData\Local\{608C3A14-62EA-479C-8246-A7284517981C} O43 - CFD: 03/07/2012 - 10:37:14 - [0] ----D C:\Users\Nanou\AppData\Local\{644A3998-1609-473E-A1D3-C15BCB69B89A} O43 - CFD: 30/06/2012 - 11:41:44 - [0] ----D C:\Users\Nanou\AppData\Local\{6F4F24C0-7786-4D1C-A2ED-C15107BE183A} O43 - CFD: 27/06/2012 - 15:40:53 - [0] ----D C:\Users\Nanou\AppData\Local\{766FCC81-86F0-44CC-98A8-8006F85B1E6C} O43 - CFD: 26/06/2012 - 20:14:51 - [0] ----D C:\Users\Nanou\AppData\Local\{7929D23B-F6D4-4AE4-9F7C-48CF79D02944} O43 - CFD: 18/07/2012 - 16:42:41 - [0] ----D C:\Users\Nanou\AppData\Local\{7D366AE6-1B40-4BEC-AFEA-24E4245BE97F} O43 - CFD: 17/07/2012 - 21:28:58 - [0] ----D C:\Users\Nanou\AppData\Local\{7F5DC8C0-E7E1-4C6A-8BD5-E52B94F0D744} O43 - CFD: 28/06/2012 - 21:42:45 - [0] ----D C:\Users\Nanou\AppData\Local\{8AC2FF55-C774-49B5-8DFA-71C845D1BF4A} O43 - CFD: 22/06/2012 - 20:39:20 - [0] ----D C:\Users\Nanou\AppData\Local\{9111D2A7-A2C4-481D-97F8-F68D5513ECFC} O43 - CFD: 25/06/2012 - 21:49:21 - [0] ----D C:\Users\Nanou\AppData\Local\{92257BEC-3493-4AB8-83F0-6E1D8DEC37EE} O43 - CFD: 13/07/2012 - 22:34:01 - [0] ----D C:\Users\Nanou\AppData\Local\{9633B22A-5C5F-4A08-9DC2-9A05B1FB498A} O43 - CFD: 
25/06/2012 - 21:49:10 - [0] ----D C:\Users\Nanou\AppData\Local\{9D80CC5E-5F24-4468-AA90-D51B1D1F67C3} O43 - CFD: 22/06/2012 - 20:38:24 - [0] ----D C:\Users\Nanou\AppData\Local\{A268B4AE-1013-41B2-B88F-4C02C8F8946B} O43 - CFD: 28/06/2012 - 03:41:29 - [0] ----D C:\Users\Nanou\AppData\Local\{A642162F-A050-4F60-9A76-D8C0BA36910C} O43 - CFD: 11/07/2012 - 20:33:46 - [0] ----D C:\Users\Nanou\AppData\Local\{ABD7D49C-A46C-4D4F-9654-906D485DED5C} O43 - CFD: 24/06/2012 - 12:02:39 - [0] ----D C:\Users\Nanou\AppData\Local\{B1D1D9C3-BB20-48B2-A434-BB2482D2BC3B} O43 - CFD: 10/07/2012 - 16:31:52 - [0] ----D C:\Users\Nanou\AppData\Local\{B663F096-D1BB-4DC3-8957-8D0240153BFF} O43 - CFD: 28/06/2012 - 03:41:39 - [0] ----D C:\Users\Nanou\AppData\Local\{CCCADFEC-07CB-4F13-811A-6213B2BDA3C2} O43 - CFD: 27/06/2012 - 15:42:08 - [0] ----D C:\Users\Nanou\AppData\Local\{D738E0E2-7299-4EA9-A17B-4A7FCC1E671D} O43 - CFD: 12/07/2012 - 12:26:51 - [0] ----D C:\Users\Nanou\AppData\Local\{D7CA0707-803D-4068-8017-2C5749677F21} O43 - CFD: 18/07/2012 - 16:42:31 - [0] ----D C:\Users\Nanou\AppData\Local\{DAB85920-0E6E-41D4-985F-33E3A73896D7} O43 - CFD: 16/07/2012 - 18:09:19 - [0] ----D C:\Users\Nanou\AppData\Local\{EE74BFC9-A2E8-46FF-A16C-E568EE57D243} O43 - CFD: 26/07/2012 - 09:39:39 - [0] ----D C:\Users\Nanou\AppData\Local\{F49DBDDB-97D7-4D4D-B5EF-F3E5488D46F1} O43 - CFD: 27/06/2012 - 15:40:43 - [0] ----D C:\Users\Nanou\AppData\Local\{F83940ED-2873-43C0-AC6B-6A19084FB5F4} O43 - CFD: 26/07/2012 - 09:38:32 - [0,184] -SH-D C:\Users\Nanou\AppData\Local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa} O43 - CFD: 14/07/2009 - 06:59:41 - [0,014] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 25/06/2012 - 04:43:20 - [0,000] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 14/07/2012 - 14:54:43 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 13/05/2012 - 
18:50:56 - [0,001] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade O43 - CFD: 24/04/2012 - 10:23:35 - [0,005] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 24/07/2012 - 11:55:43 - [0,003] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi O43 - CFD: 14/07/2009 - 06:54:45 - [0,001] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 23/07/2012 - 17:12:52 - [0,000] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 20/07/2012 - 18:30:05 - [0,003] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber O43 - CFD: 13/05/2012 - 20:45:49 - [0,003] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ~ Scan Program Folder in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.986A291242F634EED37D9A9E3D576C50] - 26/07/2012 - 11:07:13 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549526] O44 - LFC:[MD5.06AB44F1644F0B0E49D4704345F3C804] - 26/07/2012 - 11:07:13 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106190] O44 - LFC:[MD5.F06E2FCE65BC1DDBFDF25DB996A03565] - 26/07/2012 - 11:07:13 ---A- . (...) 
-- C:\Windows\SysNative\perfc00C.dat [130548] O44 - LFC:[MD5.D57E927B0D7BA7EE51A16AD469D5C707] - 26/07/2012 - 11:07:13 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [615810] O44 - LFC:[MD5.6FD641D943B278C046D93855EAAEF5A9] - 26/07/2012 - 11:07:13 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704242] O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 26/07/2012 - 11:02:55 ---A- . (...) -- C:\Windows\setupact.log [168] O44 - LFC:[MD5.299DC5AFDE609653B1A23F9E38AE0DEB] - 26/07/2012 - 11:02:54 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/07/2012 - 08:38:41 ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.DB37B66F46F771F51428A820DC26409F] - 26/07/2012 - 08:38:32 ---A- . (...) -- C:\Windows\PFRO.log [10654] O44 - LFC:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 23/07/2012 - 16:18:55 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\SysNative\hamachi.sys [33856] O44 - LFC:[MD5.9BCFA7EC15C3F7B03EBAB59FA81BE0A5] - 23/07/2012 - 16:05:26 ---A- . (...) -- C:\user.js [565] O44 - LFC:[MD5.AD7A19248DD62AD012ADB913B2EAB441] - 21/07/2012 - 15:58:34 ---A- . (...) -- C:\Windows\SysNative\lvcoinst.log [5604] O44 - LFC:[MD5.76CD91CB704607A554F777F16869F345] - 20/07/2012 - 18:20:28 ---A- . (.PerformerSoft LLC - PC Performer.) -- C:\Windows\SysNative\roboot64.exe [19000] ~ Scan Files in 00mn 01s ---\\ Contrôle du Safe Boot (CSB) (O49) (None) ---\\ MountPoints2 Shell Key (O51) (None) ---\\ ShareTools MSconfig StartupReg (O53) (None) ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 ~ Scan Keys in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 30/12/1899 - 16:35:42 --HA- . 
(.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\hamachi.sys [33856] ~ Scan Drivers in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (O68) (None) ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("browser.newtab.url", "http://search.babylon.com/?affID=114347&tt=190712_n_mont_3012_4&babsrc=NT_ss&mntrId=901951aa00000'>http://search.babylon.com/?affID=114347&tt=190712_n_mont_3012_4&babsrc=NT_ss&mntrId=901951aa00000[...] O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=114347&tt=190712_n_mont_3012_4&babsrc=HP_ss&mntrId=901951a[...] 
O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.admin", false); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.babExt", ""); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.babTrack", "affID=114347&tt=190712_n_mont_3012_4"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.bbDpng", 23); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.cntry", "FR"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.dfltSrch", true); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.excTlbr", false); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.hdrMd5", "DD61B63DDB32C6A4D7E3BA6C6B851193"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.hmpg", true); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.id", "901951aa000000000000bc5ff4354e96"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.instlDay", "15544"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.keyWordUrl", "http://search.babylon.com/?affID=114347&tt=190712_n_mont_3012_4&babsrc=KW_ss&mn[...] 
O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.lastDP", 23); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.29.117:05:24"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.newTab", true); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?affID=114347&tt=190712_n_mont_3012_4&babsrc=NT_ss&mnt[...] O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.noFFXTlbr", false); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.propectorlck", 81616355); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.prtkDS", 1); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 1); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.ptch_0717", true); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.sg", "none"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.smplGrp", "none"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.srcExt", "ss"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://www.google.com/search?babsrc=TB_ggl&q="); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1"); O69 - 
SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.29.117:05:24"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114347&tt=190712_n_mont_3012_4"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.hardId", "901951aa000000000000bc5ff4354e96"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.id", "901951aa000000000000bc5ff4354e96"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15541"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.117:05:24"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); O69 - SBI: prefs.js [Nanou - 082mlq3d.default] user_pref("keyword.URL", 
"http://search.babylon.com/?affID=114347&tt=190712_n_mont_3012_4&babsrc=KW_ss&mntrId=901951aa000000000000[...] O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - Babylon Search O69 - SBI: SearchScopes [HKCU] {4327FABE-3C22-4689-8DBF-D226CF777FE9} [DefaultScope] - (Plus! Network) - http://www.searchplusnetwork.com ~ Scan Keys in 00mn 00s ---\\ Internet Feature Controls (O81) O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe ~ Scan Keys in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) (None) ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.680F3A14C54CE0A34F5D23950E5269F9] [sPRF][23/07/2012] (.Yuna Software - Plus! Network.) -- C:\Users\Nanou\AppData\Local\Temp\Browser_Helper_Companion_FR.exe [1750528] [MD5.24F6D923EF6956ABD0449C879F36D7C7] [sPRF][25/07/2012] (...) -- C:\Users\Nanou\AppData\Local\Temp\i4jdel0.exe [27411] [MD5.05FECA1B4B1F7F9D924191716AD3F0BA] [sPRF][23/07/2012] (.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\Nanou\AppData\Local\Temp\increBibar_install1003.exe [463184] [MD5.920E73C4E9426A0571C430174B2764DE] [sPRF][21/07/2012] (...) -- C:\Users\Nanou\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe [44809728] [MD5.FEC17D5FB09A03376D3AA204C65562A7] [sPRF][23/07/2012] (...) -- C:\Users\Nanou\AppData\Local\Temp\sqlite3.dll [362029] [MD5.995B1541FF7E5495BC1E73F1ADD21892] [sPRF][20/07/2012] (...) 
-- C:\Users\Nanou\AppData\Local\Temp\wajam_install.exe [401832] ~ Scan Files in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : 9170 - (21/07/2012) Clés trouvées (Keys found) : 7 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 11 Fichiers trouvés (Files found) : 1 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Adware.MyWebSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}] =>Toolbar.Babylon [HKCU\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\SweetIM] =>Toolbar.SweetIM C:\Program Files (x86)\SweetIM =>Toolbar.SweetIM C:\ProgramData\Babylon =>Toolbar.Babylon C:\Users\Nanou\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\Nanou\AppData\Roaming\eType =>Adware.Zugo C:\Users\Nanou\AppData\Roaming\OfferBox =>PUP.OfferBox C:\Users\Nanou\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon C:\Users\Nanou\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit C:\Users\Nanou\AppData\Local\Temp\Iminent =>Adware.IMBooster C:\Users\Nanou\AppData\Roaming\Mozilla\Firefox\Profiles\082mlq3d.default\Extensions\ffxtlbr@babylon.com =>Toolbar.Babylon C:\Users\Nanou\AppData\Roaming\Mozilla\Firefox\Profiles\082mlq3d.default\SearchPlugins\sweetim.xml =>Toolbar.SweetIM ~ Scan Additionnel in 00mn 04s End of the scan (600 lines in 00mn 19s)(0) Pouvez vous m'aidez s'il vous plait .