[Résolu] PC infecté

angelus1717 · le 26 juillet 2012

Bonjour à tous,

Voilà plusieurs jours que mon pc est infecté par Trojan.Dropper.BCMiner Je suis sous XP j'ai lancer un scan et un nettoyage par MBAM je l'ai suprimer de la quarantaine mais quand je relance le scan il réaparait :outch:

voici le rapport

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1

C:\Windows\Installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\00000008.@ (Malwarebytes Anti-Malware (Essai) 1.62.0.1300

www.malwarebytes.org

Version de la base de données: v2012.07.25.08

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Nanou :: NANOU-PC [administrateur]

Protection: Désactivé

26/07/2012 12:09:10

mbam-log-2012-07-26 (12-09-10).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)

Options d'examen désactivées: P2P

Elément(s) analysé(s): 313239

Temps écoulé: 23 minute(s), 41 seconde(s)

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1

C:\Windows\Installer\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Mis en quarantaine et supprimé avec succès) -> Mis en quarantaine et supprimé avec succès.

J'ai ensuite lancer ZHPDIAG dont voici le rapport :bigglasses:

apport de ZHPDiag v1.31.11 par Nicolas Coolman, Update du 21/07/2012

Run by Nanou at 26/07/2012 13:14:06

Web site : ZHPDiag Outil de diagnostic

Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

State : Version à jour.

---\\ Web Browser

MSIE: Internet Explorer v

---\\ Windows Product Information

~ Langage: Français

Windows 7 Ultimate Edition, 64-bit (Build 7600)

Windows Server License Manager Script : OK

~ Windows® 7, OEM_SLP channel

System Locked Preinstallation (OEM_SLP) : OK

Windows ID Activation : OK

~ Windows Partial Key : HYRR2

Windows License : OK

~ Windows Remaining Initializations Number : 3

Software Protection Service (Protection logicielle) : KO

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ System Information

~ Processor: AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 4095 MB (57% free)

System Restore: Inconnu (Unknown)

System drive C: has 436 GB (92%) free of 471 GB

---\\ Logged in mode

~ Computer Name: NANOU-PC

~ User Name: Nanou

~ All Users Names: Nanou, HomeGroupUser$, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89

Logged in as Administrator

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Nanou\AppData\Roaming\

~ %Desktop% : C:\Users\Nanou\Desktop\

~ %Favorites% : C:\Users\Nanou\Favorites\

~ %LocalAppData% : C:\Users\Nanou\AppData\Local\

~ %StartMenu% : C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 436 Go of 471 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

E:\ Hard drive, Flash drive, Thumb drive (Free 206 Go of 222 Go)

F:\ CD-ROM drive (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Security Center & Tools Informations

~ Scan Security Center in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 07:23:14.) -- C:\Windows\Explorer.exe [2870272]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.870ECFEBD41C7B8F9C6777748368D51F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/06/2012 - 02:22:51.) -- C:\Windows\System32\wininet.dll [1392128]

[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]

[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]

[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]

[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]

[MD5.378E0E0DFEA67D98AE6EA53ADBBD76BC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 07:23:06.) -- C:\Windows\system32\Drivers\ntfs.sys [1657216]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]

[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]

[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]

~ Scan Generic Processes in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/35

~ Mes Videos (My Videos) : 1/6

~ Mes Favoris (My Favorites) : 1/25

~ Mes Documents (My Documents) : 1/549

~ Mon Bureau (My Desktop) : 1/256

~ Menu demarrer (Programs) : 1/38

~ Scan Hidden Files in 00mn 00s

---\\ Processus lancés

[MD5.4F69AABB5D82AA4EF6DFF7871212ADF6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924600] [PID.2660]

[MD5.A7B6857B7503D9CA4F40D17A7EBB67FB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16824] [PID.2100]

[MD5.7E55EB324D283979E450F71C973110B9] - (.Adobe Systems, Inc. - Adobe Flash Player 11.3 r300.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe [1536712] [PID.1956]

[MD5.72AE847EB2B526CC0551C88B9A2970C1] - (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [3763200] [PID.2028]

~ Scan Processes Running in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\Nanou\AppData\Local\Google\Chrome\User Data\Default\Preferences

G0 - GCSP: Preference [user Data\Default][HomePage] Babylon Search

G1 - GCS: Preference [user Data\Default] None

G0 - GCSP: Preference [user Data\Default][HomePage] http://www.s earchplu s networ k .com

~ Scan Google Browser in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\Nanou\AppData\Roaming\Mozilla\Firefox\Profiles\082mlq3d.default\prefs.js

C:\Users\Nanou\AppData\Roaming\Mozilla\Firefox\Profiles\082mlq3d.default\user.js

M3 - MFPP: Plugins - [Nanou] -- C:\Users\Nanou\AppData\Roaming\Mozilla\Firefox\Profiles\082mlq3d.default\searchplugins\Plusnetwork.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Users\Nanou\AppData\Roaming\Mozilla\Firefox\Profiles\082mlq3d.default\searchplugins\sweetim.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [Nanou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml

M0 - MFSP: prefs.js [Nanou - 082mlq3d.default] Babylon Search

M2 - MFEP: prefs.js [Nanou - 082mlq3d.default\ffxtlbr@babylon.com] [] Babylon v1.1.9 (.Babylon.)

M2 - MFEP: prefs.js [Nanou - 082mlq3d.default\plugin@videofiledownload.com] [] VideoFileDownload - Download YouTube Videos v1.5 (.VideoFileDownload.)

M2 - MFEP: prefs.js [Nanou - 082mlq3d.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v4.51.0 (.IMinent.)

~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Interpréteur de commandes Windows.) (No version) -- (.not file.)

~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKCU\..\Run: [EPSON SX218 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.exe

~ Scan Application in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Nanou\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\Nanou\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - Global Startup: C:\Users\Nanou\Desktop\PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe

O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Nanou\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe

~ Scan Global Startup in 00mn 00s

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: Rechercher sur le Web - (.not file.) - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

~ Scan IE Menu Contextuel in 00mn 00s

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AWC Startup.job

[MD5.B04CDA7A51B049A43CB7DBCC8FD0931C] [APT] [AWC Startup] (.IObit.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

[MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeLogonTaskS-1-5-21-2120234448-2191660484-2770733499-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

[MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeScheduledTaskS-1-5-21-2120234448-2191660484-2770733499-1000] (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

~ Scan Scheduled Task in 00mn 01s

---\\ Composants installés (ActiveSetup Installed Components) (O40) (None)

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 25/07/2012 - 19:10:57 - [0,827] ----D C:\Program Files (x86)\Accelerer PC

O43 - CFD: 30/04/2012 - 14:55:47 - [113,513] ----D C:\Program Files (x86)\Adobe

O43 - CFD: 24/04/2012 - 10:38:55 - [0] ----D C:\Program Files (x86)\ASUS

O43 - CFD: 23/07/2012 - 17:12:52 - [0,005] ----D C:\Program Files (x86)\BrowserCompanion

O43 - CFD: 08/05/2012 - 00:58:30 - [12,770] ----D C:\Program Files (x86)\CDBurnerXP

O43 - CFD: 22/06/2012 - 20:15:56 - [77,706] ----D C:\Program Files (x86)\Common Files

O43 - CFD: 24/04/2012 - 12:09:19 - [14,375] ----D C:\Program Files (x86)\epson

O43 - CFD: 24/04/2012 - 12:12:11 - [160,417] ----D C:\Program Files (x86)\Epson Software

O43 - CFD: 05/06/2012 - 08:57:58 - [10,294] ----D C:\Program Files (x86)\GameSpy Arcade

O43 - CFD: 23/07/2012 - 09:19:33 - [8,440] ----D C:\Program Files (x86)\Gulliland

O43 - CFD: 24/04/2012 - 12:12:10 - [15,928] --H-D C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 25/06/2012 - 04:33:36 - [4,917] ----D C:\Program Files (x86)\Internet Explorer

O43 - CFD: 05/06/2012 - 08:42:38 - [22,321] ----D C:\Program Files (x86)\IObit

O43 - CFD: 18/05/2012 - 14:59:22 - [84,573] ----D C:\Program Files (x86)\Java

O43 - CFD: 24/07/2012 - 11:49:29 - [4,447] ----D C:\Program Files (x86)\LogMeIn Hamachi

O43 - CFD: 25/07/2012 - 19:04:09 - [11,720] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD: 25/06/2012 - 04:32:30 - [36,641] ----D C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 29/06/2012 - 03:02:39 - [0,015] ----D C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 08/05/2012 - 21:31:47 - [102,539] ----D C:\Program Files (x86)\Mobile Action

O43 - CFD: 05/06/2012 - 08:57:59 - [37,551] ----D C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 14/07/2009 - 07:38:15 - [0,025] ----D C:\Program Files (x86)\MSBuild

O43 - CFD: 13/05/2012 - 18:50:37 - [0] ----D C:\Program Files (x86)\MSXML 4.0

O43 - CFD: 24/04/2012 - 10:36:33 - [99,891] ----D C:\Program Files (x86)\NVIDIA Corporation

O43 - CFD: 20/07/2012 - 21:03:20 - [0,001] ----D C:\Program Files (x86)\OApps

O43 - CFD: 18/05/2012 - 14:45:38 - [0] ----D C:\Program Files (x86)\OpenOffice.org 3

O43 - CFD: 24/06/2012 - 21:34:14 - [23,494] ----D C:\Program Files (x86)\PhotoScape

O43 - CFD: 04/05/2012 - 09:22:12 - [94,434] ----D C:\Program Files (x86)\Real

O43 - CFD: 24/04/2012 - 10:19:55 - [2,563] ----D C:\Program Files (x86)\Realtek

O43 - CFD: 14/07/2009 - 07:38:15 - [36,809] ----D C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 20/07/2012 - 21:38:02 - [0] ----D C:\Program Files (x86)\Software

O43 - CFD: 18/05/2012 - 14:47:05 - [0] ----D C:\Program Files (x86)\SweetIM

O43 - CFD: 16/05/2012 - 19:09:33 - [16,100] ----D C:\Program Files (x86)\TeamViewer

O43 - CFD: 20/07/2012 - 19:20:41 - [3,153] --H-D C:\Program Files (x86)\Uninstall Information

O43 - CFD: 20/07/2012 - 18:30:04 - [48,373] ----D C:\Program Files (x86)\v-Grabber

O43 - CFD: 08/05/2012 - 00:57:18 - [80,949] ----D C:\Program Files (x86)\VideoLAN

O43 - CFD: 01/09/2009 - 02:54:30 - [0,500] ----D C:\Program Files (x86)\Windows Defender

O43 - CFD: 24/06/2012 - 21:40:28 - [59,478] ----D C:\Program Files (x86)\Windows Live

O43 - CFD: 25/06/2012 - 04:34:38 - [5,895] ----D C:\Program Files (x86)\Windows Mail

O43 - CFD: 14/07/2009 - 07:38:15 - [11,632] ----D C:\Program Files (x86)\Windows NT

O43 - CFD: 01/09/2009 - 02:54:30 - [4,213] ----D C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 01/09/2009 - 02:54:30 - [5,716] ----D C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 13/05/2012 - 20:45:49 - [3,881] ----D C:\Program Files (x86)\WinRAR

O43 - CFD: 26/07/2012 - 13:14:15 - [12,788] ----D C:\Program Files (x86)\ZHPDiag

O43 - CFD: 30/04/2012 - 14:55:51 - [3,652] ----D C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 24/04/2012 - 10:27:53 - [3,200] ----D C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD: 18/05/2012 - 15:00:14 - [1,201] ----D C:\Program Files (x86)\Common Files\Java

O43 - CFD: 24/06/2012 - 21:35:25 - [20,481] ----D C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 14/07/2009 - 05:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services

O43 - CFD: 14/07/2009 - 05:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 25/06/2012 - 04:35:01 - [9,634] ----D C:\Program Files (x86)\Common Files\System

O43 - CFD: 22/06/2012 - 20:15:56 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live

O43 - CFD: 04/05/2012 - 09:22:01 - [0,336] ----D C:\Program Files (x86)\Common Files\xing shared

O43 - CFD: 20/06/2012 - 08:06:33 - [0,001] ----D C:\ProgramData\ABBYY

O43 - CFD: 30/04/2012 - 14:58:54 - [137,377] ----D C:\ProgramData\Adobe

O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Application Data

O43 - CFD: 23/07/2012 - 17:05:11 - [0] ----D C:\ProgramData\Babylon

O43 - CFD: 23/07/2012 - 09:20:04 - [0] ----D C:\ProgramData\Big Fish Games

O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Bureau

O43 - CFD: 08/05/2012 - 00:58:35 - [0] ----D C:\ProgramData\Canneverbe Limited

O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Desktop

O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Documents

O43 - CFD: 26/06/2012 - 18:12:34 - [8,233] ----D C:\ProgramData\EPSON

O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Favoris

O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Favorites

O43 - CFD: 25/07/2012 - 19:04:07 - [8,489] ----D C:\ProgramData\Malwarebytes

O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Menu Démarrer

O43 - CFD: 24/06/2012 - 21:38:54 - [12,139] -S--D C:\ProgramData\Microsoft

O43 - CFD: 24/04/2012 - 10:00:27 - [0] --H-D C:\ProgramData\Modèles

O43 - CFD: 05/05/2012 - 18:16:15 - [0] ----D C:\ProgramData\Mozilla

O43 - CFD: 26/07/2012 - 12:03:01 - [1,982] ----D C:\ProgramData\NVIDIA

O43 - CFD: 24/04/2012 - 10:31:09 - [0,547] ----D C:\ProgramData\NVIDIA Corporation

O43 - CFD: 04/05/2012 - 09:22:51 - [1,580] ----D C:\ProgramData\Real

O43 - CFD: 20/07/2012 - 21:38:02 - [0] ----D C:\ProgramData\Software

O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Start Menu

O43 - CFD: 14/05/2012 - 19:41:49 - [0,000] ----D C:\ProgramData\Sun

O43 - CFD: 23/07/2012 - 09:19:01 - [0,280] ----D C:\ProgramData\Tarma Installer

O43 - CFD: 20/07/2012 - 20:11:16 - [0] ---AD C:\ProgramData\TEMP

O43 - CFD: 14/07/2009 - 07:08:10 - [0] --H-D C:\ProgramData\Templates

O43 - CFD: 24/04/2012 - 12:13:01 - [0,003] ----D C:\ProgramData\UDL

O43 - CFD: 23/07/2012 - 17:25:22 - [103,225] ----D C:\Users\Nanou\AppData\Roaming\.minecraft

O43 - CFD: 30/04/2012 - 14:58:12 - [2,227] ----D C:\Users\Nanou\AppData\Roaming\Adobe

O43 - CFD: 23/07/2012 - 17:05:11 - [0,007] ----D C:\Users\Nanou\AppData\Roaming\Babylon

O43 - CFD: 23/07/2012 - 17:12:52 - [0] ----D C:\Users\Nanou\AppData\Roaming\BrowserCompanion

O43 - CFD: 08/05/2012 - 00:58:35 - [0,001] ----D C:\Users\Nanou\AppData\Roaming\Canneverbe Limited

O43 - CFD: 18/07/2012 - 16:46:10 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\Download Manager

O43 - CFD: 26/06/2012 - 18:12:34 - [0,008] ----D C:\Users\Nanou\AppData\Roaming\Epson

O43 - CFD: 19/07/2012 - 11:47:36 - [0,341] ----D C:\Users\Nanou\AppData\Roaming\ERS Game Studios

O43 - CFD: 20/07/2012 - 21:01:09 - [0,269] ----D C:\Users\Nanou\AppData\Roaming\eType

O43 - CFD: 24/04/2012 - 10:02:01 - [0] ----D C:\Users\Nanou\AppData\Roaming\Identities

O43 - CFD: 24/04/2012 - 12:11:32 - [0] ----D C:\Users\Nanou\AppData\Roaming\InstallShield

O43 - CFD: 25/07/2012 - 19:08:35 - [2,437] ----D C:\Users\Nanou\AppData\Roaming\IObit

O43 - CFD: 24/04/2012 - 13:49:28 - [0,002] ----D C:\Users\Nanou\AppData\Roaming\Macromedia

O43 - CFD: 25/07/2012 - 19:04:15 - [0,012] ----D C:\Users\Nanou\AppData\Roaming\Malwarebytes

O43 - CFD: 22/06/2012 - 20:32:35 - [3,696] -S--D C:\Users\Nanou\AppData\Roaming\Microsoft

O43 - CFD: 08/05/2012 - 21:31:47 - [0,232] ----D C:\Users\Nanou\AppData\Roaming\Mobile Action

O43 - CFD: 24/04/2012 - 10:04:59 - [43,780] ----D C:\Users\Nanou\AppData\Roaming\Mozilla

O43 - CFD: 18/05/2012 - 14:47:18 - [0,809] ----D C:\Users\Nanou\AppData\Roaming\OfferBox

O43 - CFD: 14/05/2012 - 19:49:20 - [1,432] ----D C:\Users\Nanou\AppData\Roaming\OpenOffice.org

O43 - CFD: 23/07/2012 - 09:18:18 - [0] ----D C:\Users\Nanou\AppData\Roaming\PerformerSoft

O43 - CFD: 03/05/2012 - 18:31:36 - [0,011] ----D C:\Users\Nanou\AppData\Roaming\Phantasmat_bf_se1

O43 - CFD: 19/05/2012 - 22:05:52 - [0,044] ----D C:\Users\Nanou\AppData\Roaming\PhotoScape

O43 - CFD: 04/05/2012 - 09:27:24 - [1,200] ----D C:\Users\Nanou\AppData\Roaming\Real

O43 - CFD: 14/07/2012 - 00:00:52 - [0,013] ----D C:\Users\Nanou\AppData\Roaming\Realore_Whiterra Roads Of Rome 2

O43 - CFD: 16/05/2012 - 19:58:09 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\TeamViewer

O43 - CFD: 08/06/2012 - 17:47:30 - [2,270] ----D C:\Users\Nanou\AppData\Roaming\vlc

O43 - CFD: 13/05/2012 - 20:45:56 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\WinRAR

O43 - CFD: 24/04/2012 - 12:07:47 - [0] ----D C:\Users\Nanou\AppData\Local\ABBYY

O43 - CFD: 30/04/2012 - 14:58:12 - [14,749] ----D C:\Users\Nanou\AppData\Local\Adobe

O43 - CFD: 24/04/2012 - 10:00:46 - [0] ----D C:\Users\Nanou\AppData\Local\Application Data

O43 - CFD: 26/07/2012 - 11:20:11 - [0,360] ----D C:\Users\Nanou\AppData\Local\Diagnostics

O43 - CFD: 26/07/2012 - 11:19:02 - [0] ----D C:\Users\Nanou\AppData\Local\ElevatedDiagnostics

O43 - CFD: 24/04/2012 - 10:23:19 - [224,829] ----D C:\Users\Nanou\AppData\Local\Google

O43 - CFD: 24/04/2012 - 10:00:46 - [0] ----D C:\Users\Nanou\AppData\Local\Historique

O43 - CFD: 26/07/2012 - 10:53:42 - [0,830] ----D C:\Users\Nanou\AppData\Local\LogMeIn Hamachi

O43 - CFD: 24/06/2012 - 08:58:03 - [0] ----D C:\Users\Nanou\AppData\Local\Macromedia

O43 - CFD: 23/07/2012 - 17:01:48 - [0,001] ----D C:\Users\Nanou\AppData\Local\Messenger_Plus_Live

O43 - CFD: 20/07/2012 - 19:34:24 - [148,554] ----D C:\Users\Nanou\AppData\Local\Microsoft

O43 - CFD: 14/07/2012 - 14:57:07 - [0,899] ----D C:\Users\Nanou\AppData\Local\Microsoft Games

O43 - CFD: 24/04/2012 - 10:04:56 - [145,719] ----D C:\Users\Nanou\AppData\Local\Mozilla

O43 - CFD: 27/06/2012 - 16:35:47 - [0,035] ----D C:\Users\Nanou\AppData\Local\SKIDROW

O43 - CFD: 20/07/2012 - 18:27:52 - [0] ----D C:\Users\Nanou\AppData\Local\Software

O43 - CFD: 26/07/2012 - 13:12:23 - [89,592] ----D C:\Users\Nanou\AppData\Local\Temp

O43 - CFD: 24/04/2012 - 10:00:46 - [0] ----D C:\Users\Nanou\AppData\Local\Temporary Internet Files

O43 - CFD: 13/05/2012 - 21:33:19 - [5,086] ----D C:\Users\Nanou\AppData\Local\VirtualStore

O43 - CFD: 26/07/2012 - 09:39:51 - [0,027] ----D C:\Users\Nanou\AppData\Local\Windows Live

O43 - CFD: 15/07/2012 - 11:24:09 - [0] ----D C:\Users\Nanou\AppData\Local\{0C3F3C0F-F0EA-4651-BD5E-7DE6CED8631F}

O43 - CFD: 17/07/2012 - 21:29:09 - [0] ----D C:\Users\Nanou\AppData\Local\{0EC2B41C-3A97-4D20-A596-9B5B75E46077}

O43 - CFD: 26/07/2012 - 09:39:48 - [0] ----D C:\Users\Nanou\AppData\Local\{125C5584-0834-4194-A0E1-BD88BE7BFBAD}

O43 - CFD: 15/07/2012 - 11:24:20 - [0] ----D C:\Users\Nanou\AppData\Local\{19E06608-3DCC-4067-BF7D-F31547AD4E2C}

O43 - CFD: 03/07/2012 - 10:37:25 - [0] ----D C:\Users\Nanou\AppData\Local\{1CC2090A-4D82-4834-B446-A5F606365FB5}

O43 - CFD: 14/07/2012 - 10:34:24 - [0] ----D C:\Users\Nanou\AppData\Local\{224A892E-9571-442E-8A41-37F3FD7C20AC}

O43 - CFD: 14/07/2012 - 10:34:34 - [0] ----D C:\Users\Nanou\AppData\Local\{24ED1FB9-6683-4F4B-9CDD-69F2FE87F99A}

O43 - CFD: 11/07/2012 - 20:33:56 - [0] ----D C:\Users\Nanou\AppData\Local\{29339076-9335-4AAD-BC49-B653777AA8D4}

O43 - CFD: 24/06/2012 - 21:44:05 - [0] ----D C:\Users\Nanou\AppData\Local\{2CC5A591-34DE-4600-A70E-ECF07CC9A486}

O43 - CFD: 24/06/2012 - 21:43:55 - [0] ----D C:\Users\Nanou\AppData\Local\{2CFA4460-6E02-4A46-BDE7-E7BFFD4CE460}

O43 - CFD: 10/07/2012 - 16:31:42 - [0] ----D C:\Users\Nanou\AppData\Local\{30B8D537-E715-49F5-9A0A-FD696E57BFDF}

O43 - CFD: 30/06/2012 - 11:41:54 - [0] ----D C:\Users\Nanou\AppData\Local\{3925E8B6-7F6A-4689-83FD-F397245C4893}

O43 - CFD: 24/06/2012 - 12:02:52 - [0] ----D C:\Users\Nanou\AppData\Local\{3A527BF0-1033-4556-AF22-986F61EDB602}

O43 - CFD: 26/06/2012 - 20:14:40 - [0] ----D C:\Users\Nanou\AppData\Local\{3FBB5F57-EFF2-45B3-AB42-8A6C850718F8}

O43 - CFD: 28/06/2012 - 21:42:56 - [0] ----D C:\Users\Nanou\AppData\Local\{4CD58552-2EB4-4A4B-A9B2-F5B201533D8E}

O43 - CFD: 16/07/2012 - 18:09:29 - [0] ----D C:\Users\Nanou\AppData\Local\{50A5EB6D-BF8B-493C-8CCA-AC53B77CB5AE}

O43 - CFD: 12/07/2012 - 12:26:41 - [0] ----D C:\Users\Nanou\AppData\Local\{608C3A14-62EA-479C-8246-A7284517981C}

O43 - CFD: 03/07/2012 - 10:37:14 - [0] ----D C:\Users\Nanou\AppData\Local\{644A3998-1609-473E-A1D3-C15BCB69B89A}

O43 - CFD: 30/06/2012 - 11:41:44 - [0] ----D C:\Users\Nanou\AppData\Local\{6F4F24C0-7786-4D1C-A2ED-C15107BE183A}

O43 - CFD: 27/06/2012 - 15:40:53 - [0] ----D C:\Users\Nanou\AppData\Local\{766FCC81-86F0-44CC-98A8-8006F85B1E6C}

O43 - CFD: 26/06/2012 - 20:14:51 - [0] ----D C:\Users\Nanou\AppData\Local\{7929D23B-F6D4-4AE4-9F7C-48CF79D02944}

O43 - CFD: 18/07/2012 - 16:42:41 - [0] ----D C:\Users\Nanou\AppData\Local\{7D366AE6-1B40-4BEC-AFEA-24E4245BE97F}

O43 - CFD: 17/07/2012 - 21:28:58 - [0] ----D C:\Users\Nanou\AppData\Local\{7F5DC8C0-E7E1-4C6A-8BD5-E52B94F0D744}

O43 - CFD: 28/06/2012 - 21:42:45 - [0] ----D C:\Users\Nanou\AppData\Local\{8AC2FF55-C774-49B5-8DFA-71C845D1BF4A}

O43 - CFD: 22/06/2012 - 20:39:20 - [0] ----D C:\Users\Nanou\AppData\Local\{9111D2A7-A2C4-481D-97F8-F68D5513ECFC}

O43 - CFD: 25/06/2012 - 21:49:21 - [0] ----D C:\Users\Nanou\AppData\Local\{92257BEC-3493-4AB8-83F0-6E1D8DEC37EE}

O43 - CFD: 13/07/2012 - 22:34:01 - [0] ----D C:\Users\Nanou\AppData\Local\{9633B22A-5C5F-4A08-9DC2-9A05B1FB498A}

O43 - CFD: 25/06/2012 - 21:49:10 - [0] ----D C:\Users\Nanou\AppData\Local\{9D80CC5E-5F24-4468-AA90-D51B1D1F67C3}

O43 - CFD: 22/06/2012 - 20:38:24 - [0] ----D C:\Users\Nanou\AppData\Local\{A268B4AE-1013-41B2-B88F-4C02C8F8946B}

O43 - CFD: 28/06/2012 - 03:41:29 - [0] ----D C:\Users\Nanou\AppData\Local\{A642162F-A050-4F60-9A76-D8C0BA36910C}

O43 - CFD: 11/07/2012 - 20:33:46 - [0] ----D C:\Users\Nanou\AppData\Local\{ABD7D49C-A46C-4D4F-9654-906D485DED5C}

O43 - CFD: 24/06/2012 - 12:02:39 - [0] ----D C:\Users\Nanou\AppData\Local\{B1D1D9C3-BB20-48B2-A434-BB2482D2BC3B}

O43 - CFD: 10/07/2012 - 16:31:52 - [0] ----D C:\Users\Nanou\AppData\Local\{B663F096-D1BB-4DC3-8957-8D0240153BFF}

O43 - CFD: 28/06/2012 - 03:41:39 - [0] ----D C:\Users\Nanou\AppData\Local\{CCCADFEC-07CB-4F13-811A-6213B2BDA3C2}

O43 - CFD: 27/06/2012 - 15:42:08 - [0] ----D C:\Users\Nanou\AppData\Local\{D738E0E2-7299-4EA9-A17B-4A7FCC1E671D}

O43 - CFD: 12/07/2012 - 12:26:51 - [0] ----D C:\Users\Nanou\AppData\Local\{D7CA0707-803D-4068-8017-2C5749677F21}

O43 - CFD: 18/07/2012 - 16:42:31 - [0] ----D C:\Users\Nanou\AppData\Local\{DAB85920-0E6E-41D4-985F-33E3A73896D7}

O43 - CFD: 16/07/2012 - 18:09:19 - [0] ----D C:\Users\Nanou\AppData\Local\{EE74BFC9-A2E8-46FF-A16C-E568EE57D243}

O43 - CFD: 26/07/2012 - 09:39:39 - [0] ----D C:\Users\Nanou\AppData\Local\{F49DBDDB-97D7-4D4D-B5EF-F3E5488D46F1}

O43 - CFD: 27/06/2012 - 15:40:43 - [0] ----D C:\Users\Nanou\AppData\Local\{F83940ED-2873-43C0-AC6B-6A19084FB5F4}

O43 - CFD: 26/07/2012 - 09:38:32 - [0,184] -SH-D C:\Users\Nanou\AppData\Local\{fe09ce2e-23ef-c6be-b551-13ec0a9986aa}

O43 - CFD: 14/07/2009 - 06:59:41 - [0,014] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 25/06/2012 - 04:43:20 - [0,000] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 14/07/2012 - 14:54:43 - [0,000] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

O43 - CFD: 13/05/2012 - 18:50:56 - [0,001] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade

O43 - CFD: 24/04/2012 - 10:23:35 - [0,005] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

O43 - CFD: 24/07/2012 - 11:55:43 - [0,003] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

O43 - CFD: 14/07/2009 - 06:54:45 - [0,001] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 23/07/2012 - 17:12:52 - [0,000] R---D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 20/07/2012 - 18:30:05 - [0,003] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber

O43 - CFD: 13/05/2012 - 20:45:49 - [0,003] ----D C:\Users\Nanou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR