Il y a actuellement 244 visiteurs
Mardi 05 Novembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

Infecté par Worm/AuoRun.hc [Résolu]

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

Infecté par Worm/AuoRun.hc [Résolu]

Message le 30 Mai 2010 16:53

Bonjour,
A chaque fois que j'insère ma clé usb dans mon pc, mon antivirus (AVG 9 free edition) me signale que C:\Windows\BackUp\autorun.inf est infecté par Worm/AutoRun.HC. Mais impossible de réparer ou de supprimer les fichiers infectés à partir d'AVG. En plus, je ne trouve pas le dossier BackUp sur mon pc même en activant la visibilité des dossiers cachés. Je me demande vraiment à quoi sert AVG s'il n'est pas capable de détruire ce worm. Je n'ai pas l'impression qu'il soit méchant mais qu'en même il me fait bien chier.

Ci-joint le rapport HijackThis
Code: Tout sélectionner
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:11, on 30/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
G:\MemS.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [explorer] C:\Windows\BackUp\explorer.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1519220938-3604924548-360206279-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1519220938-3604924548-360206279-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Download with Rapget - C:\Users\Mem'S\Downloads\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12710 bytes


Mes compétences en médecine informatique sont très limitées donc si vous pouviez m'aider à éradiquer cette vermine qui prolifère sur mon PC et mes DD externes je vous en serai très reconnaissant.

PS: je suis sous Windows 7 64 bit
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 


Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 17:12

Salut Mems,

Tu as une infection qui se propage par support amovible ( disque dure externe, clef USB, carte photo, lecteur MP3 bref tous ce qui se branche à ton pc et qui peut stoker des fichiers).Si on désinfecte ton PC sans désinfecter ces périphériques, à la prochaine utilisation, ton pc sera réinfecté :oops:

Donc, branche tous les périphériques de ce genre que tu possède ( en les allumant si nécessaire ).

ensuite...

>> Télécharge USBFix sur ton bureau,et installe le en faisant un double-clic dessus...cela créera un raccourcie de lancement du tool.


>> Fait le choix N°2 (suppression),cela entrainera un redémarrage de ton PC,laisse travailler USBFix et poste le rapport qui sera générer en fin de scan.
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 17:44

Merci pour ta réponse et ta rapidité. Mais le lien que tu as mis est mort. Même sur internet j'ai pas trouver un site pour le télécharger.
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 18:20

oops,

le serveur a changé :-?
voilà

http://chiquitine.changelog.fr/UsbFix.exe
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 18:37

Alors voici le fameux rapport:
Code: Tout sélectionner
############################## | UsbFix 7.001 |

Utilisateur: Mem'S (Administrateur) # MEMS-PC [ASUSTeK Computer Inc. K52Jc]
Mis à jour le 28/05/10 par El Desaparecido & C_XX
Lancé à 19:26:30 | 30/05/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
CPU 2: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Microsoft Windows 7 Édition Familiale Premium  (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385

Pare-feu Windows: Activé

RAM -> 3884 Mo
C:\ (%systemdrive%) -> Disque fixe # 116 Go (73 Go libre(s) - 63%) [OS] # NTFS
D:\ -> Disque fixe # 333 Go (333 Go libre(s) - 100%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Disque amovible # 7 Go (781 Mo libre(s) - 10%) [] # FAT32

################## | Éléments infectieux |

Supprimé! C:\$Recycle.Bin\S-1-5-21-1519220938-3604924548-360206279-1002
Supprimé! D:\$Recycle.Bin\S-1-5-21-1519220938-3604924548-360206279-1002

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[18/05/2010 - 13:21:23 | HD ]    C:\$AVG
[30/05/2010 - 19:27:45 | SHD ]    C:\$Recycle.Bin
[15/06/2009 - 13:11:59 | A | 54]    C:\AdobeReader.log
[15/05/2010 - 16:58:33 | HD ]    C:\ASUS.DAT
[30/05/2010 - 19:23:21 | RASHD ]    C:\Autorun.inf
[29/07/2009 - 08:03:34 | SHD ]    C:\Boot
[14/07/2009 - 03:38:58 | RASH | 383562]    C:\bootmgr
[29/07/2009 - 08:03:37 | RASH | 8192]    C:\BOOTSECT.BAK
[23/05/2010 - 20:15:56 | SHD ]    C:\Config.Msi
[24/04/2010 - 16:18:24 | A | 14619]    C:\devlist.txt
[14/07/2009 - 07:08:56 | SHD ]    C:\Documents and Settings
[24/04/2010 - 15:16:40 | D ]    C:\eSupport
[24/04/2010 - 16:18:24 | A | 9]    C:\Finish.log
[30/05/2010 - 19:10:48 | ASH | 3054882816]    C:\hiberfil.sys
[24/04/2010 - 15:47:14 | A | 3145410]    C:\inject.log.txt
[24/04/2010 - 15:50:19 | D ]    C:\Intel
[16/03/2010 - 13:11:15 | AH | 2097152]    C:\K52Jc.BIN
[22/03/2010 - 10:15:58 | A | 18]    C:\K52JC_WIN7.10
[23/05/2010 - 16:55:20 | RHD ]    C:\MSOCache
[12/06/2009 - 03:32:00 | A | 57]    C:\OFFICE2007_L.TXT
[30/05/2010 - 19:10:50 | ASH | 4073177088]    C:\pagefile.sys
[24/04/2010 - 03:35:59 | A | 146]    C:\Pass.txt
[24/02/2010 - 03:41:55 | A | 512]    C:\Patch_Win7.log
[14/07/2009 - 05:20:08 | D ]    C:\PerfLogs
[30/05/2010 - 19:23:18 | RD ]    C:\Program Files
[30/05/2010 - 16:01:21 | RD ]    C:\Program Files (x86)
[24/05/2010 - 15:13:27 | HD ]    C:\ProgramData
[15/05/2010 - 16:47:47 | SHD ]    C:\Recovery
[22/03/2010 - 10:15:58 | A | 7]    C:\RECOVERY.DAT
[14/05/2006 - 10:22:24 | A | 5]    C:\store.log
[24/04/2010 - 14:59:09 | A | 170]    C:\SumHidd.txt
[24/04/2010 - 14:57:49 | A | 98]    C:\SumOS.txt
[26/05/2010 - 19:56:55 | SHD ]    C:\System Volume Information
[30/05/2010 - 19:26:37 | D ]    C:\UsbFix
[30/05/2010 - 19:27:46 | A | 2810]    C:\UsbFix.txt
[15/05/2010 - 16:49:18 | RD ]    C:\Users
[16/09/2009 - 20:04:46 | A | 24]    C:\v82.txt
[30/05/2010 - 14:46:20 | D ]    C:\Windows
[30/05/2010 - 19:27:45 | SHD ]    D:\$RECYCLE.BIN
[30/05/2010 - 19:23:21 | RASHD ]    D:\Autorun.inf
[24/04/2010 - 14:49:23 | SHD ]    D:\System Volume Information
[22/05/2010 - 15:30:16 | HD ]    G:\MemS

################## | Vaccin |

G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_MEMS-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Merci de votre contribution.

################## | E.O.F |

J'attends la suite avec impatience...
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 19:03

re,

Je vois à peu prêt ce qu'il y a...

Laisse bien la clef USB de 8GB branchée sur ton pc pendant toute la procédure :wink:

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"


netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.exe
G:\*.inf /s /md5
G:\*.exe /s /md5
/md5start
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 21:30

Le rapport OTL:


Code: Tout sélectionner
OTL logfile created on: 30/05/2010 22:08:24 - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Mem'S\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 72,93 Gb Free Space | 62,63% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 332,67 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,47 Gb Total Space | 0,76 Gb Free Space | 10,18% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEMS-PC
Current User Name: Mem'S
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Mem'S\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\srvany.exe ()
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Mem'S\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:[b]64bit:[/b] - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV:[b]64bit:[/b] - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:[b]64bit:[/b] - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:[b]64bit:[/b] - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:[b]64bit:[/b] - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:[b]64bit:[/b] - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:[b]64bit:[/b] - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:[b]64bit:[/b] - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:[b]64bit:[/b] - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:[b]64bit:[/b] - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:[b]64bit:[/b] - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/ig"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/05/18 11:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/15 18:13:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/23 11:59:41 | 000,000,000 | ---D | M]
 
[2010/05/15 18:13:53 | 000,000,000 | ---D | M] -- C:\Users\Mem'S\AppData\Roaming\mozilla\Extensions
[2010/05/15 18:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mem'S\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/30 19:43:15 | 000,000,000 | ---D | M] -- C:\Users\Mem'S\AppData\Roaming\mozilla\Firefox\Profiles\0wyklvs6.default\extensions
[2010/05/15 18:18:02 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Mem'S\AppData\Roaming\mozilla\Firefox\Profiles\0wyklvs6.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/05/15 18:16:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mem'S\AppData\Roaming\mozilla\Firefox\Profiles\0wyklvs6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/15 18:13:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/15 18:13:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/01 20:01:50 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 20:01:50 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/01 20:01:50 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/04 01:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:[b]64bit:[/b] - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1519220938-3604924548-360206279-1002..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8:[b]64bit:[/b] - Extra context menu item: Download with Rapget - C:\Users\Mem'S\Downloads\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm ()
O8 - Extra context menu item: Download with Rapget - C:\Users\Mem'S\Downloads\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm ()
O9:[b]64bit:[/b] - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/30 19:27:46 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 19:27:46 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/30 19:28:22 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Code: Tout sélectionner
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/05/30 21:58:48 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Mem'S\Desktop\OTL.exe
[2010/05/30 19:44:14 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\ElevatedDiagnostics
[2010/05/30 19:23:21 | 000,000,000 | ---D | C] -- C:\Autorun.inf
[2010/05/30 18:59:17 | 001,166,415 | ---- | C] (C_XX & El Desaparecido) -- C:\Users\Mem'S\Desktop\Usbfix.exe
[2010/05/30 18:28:20 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/05/30 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/05/30 14:46:20 | 000,000,000 | -HSD | C] -- C:\Windows\BackUp
[2010/05/24 15:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010/05/24 15:13:21 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Uniblue
[2010/05/24 15:06:07 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2010/05/24 14:57:01 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysWow64\DfSdkBt32.exe
[2010/05/24 14:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2010/05/23 17:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/23 16:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/05/23 16:58:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/23 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/05/23 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/05/23 16:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/05/23 16:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/05/23 16:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/05/23 16:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/05/23 16:55:43 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Microsoft Help
[2010/05/23 16:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/23 16:55:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/23 16:52:06 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Seven Zip
[2010/05/23 16:49:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/23 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/05/23 15:19:59 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\DAEMON Tools Lite
[2010/05/23 15:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/05/23 12:07:54 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\vlc
[2010/05/23 12:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/05/23 11:55:05 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Adobe
[2010/05/23 11:52:31 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\WinRAR
[2010/05/23 11:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/23 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/05/22 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\Documents\Set Up
[2010/05/21 12:07:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/21 12:07:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/20 21:34:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/18 13:21:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/18 11:00:41 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/05/18 11:00:39 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/05/18 11:00:36 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/05/18 11:00:34 | 000,035,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/05/18 11:00:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/05/18 11:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/05/18 11:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/05/16 19:00:58 | 000,017,542 | ---- | C] () -- C:\Program Files\Common Files\Net4Switch.ico
[2010/05/16 19:00:58 | 000,017,542 | ---- | C] () -- C:\Program Files (x86)\Common Files\Net4Switch.ico
[2010/05/16 18:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBoingo
[2010/05/16 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boingo
[2010/05/16 18:34:40 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/05/16 15:55:29 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/05/16 15:55:29 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/05/16 15:55:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/05/16 15:55:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/05/16 15:55:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/05/16 15:55:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/05/16 15:55:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/05/16 15:55:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/05/16 15:55:10 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/05/16 15:55:10 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/05/16 15:55:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/05/16 15:55:09 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/05/16 15:55:09 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/05/16 15:55:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/05/16 15:55:09 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/05/16 15:55:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/05/16 15:55:06 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/05/16 15:54:42 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/05/16 15:54:41 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/05/16 15:54:40 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/05/16 15:54:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/05/16 15:54:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/05/16 15:54:34 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/05/16 15:54:34 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/05/16 15:53:23 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/05/16 15:53:23 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/05/16 15:53:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/05/16 15:53:22 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/05/16 15:53:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/05/16 15:53:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/05/16 15:53:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/05/15 21:31:31 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\Documents\ASUS
[2010/05/15 21:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2010/05/15 21:31:10 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\ASUS
[2010/05/15 18:58:41 | 002,571,278 | -H-- | C] () -- C:\Users\Mem'S\AppData\Local\IconCache.db
[2010/05/15 18:37:16 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\dwhelper
[2010/05/15 18:13:40 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Mozilla
[2010/05/15 18:13:40 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Mozilla
[2010/05/15 18:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/05/15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Windows Live Writer
[2010/05/15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Windows Live Writer
[2010/05/15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\Documents\My Weblog Posts
[2010/05/15 17:02:40 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Macromedia
[2010/05/15 17:02:39 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Adobe
[2010/05/15 17:02:33 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Google
[2010/05/15 16:59:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2010/05/15 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\Documents\ASUS WebStorage
[2010/05/15 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Asus WebStorage
[2010/05/15 16:58:36 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\SRS Labs
[2010/05/15 16:58:30 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/05/15 16:58:30 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/05/15 16:58:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/05/15 16:58:29 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/05/15 16:58:02 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Searches
[2010/05/15 16:57:53 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Identities
[2010/05/15 16:57:38 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Contacts
[2010/05/15 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\eBay
[2010/05/15 16:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/15 16:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
[2010/05/15 16:55:10 | 000,061,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/05/15 16:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/05/15 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/15 16:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/05/15 16:53:53 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/05/15 16:53:53 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/05/15 16:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/05/15 16:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/05/15 16:52:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/15 16:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/15 16:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/05/15 16:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/05/15 16:49:53 | 000,122,704 | ---- | C] () -- C:\Users\Mem'S\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/15 16:49:52 | 000,000,000 | -H-D | C] -- C:\ASUS.DAT
[2010/05/15 16:49:33 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Power2Go
[2010/05/15 16:49:28 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\VirtualStore
[2010/05/15 16:49:19 | 000,524,288 | -HS- | C] () -- C:\Users\Mem'S\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/15 16:49:19 | 000,524,288 | -HS- | C] () -- C:\Users\Mem'S\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 16:49:19 | 000,262,144 | -HS- | C] () -- C:\Users\Mem'S\ntuser.dat.LOG1
[2010/05/15 16:49:19 | 000,065,536 | -HS- | C] () -- C:\Users\Mem'S\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/15 16:49:19 | 000,000,020 | -HS- | C] () -- C:\Users\Mem'S\ntuser.ini
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Voisinage réseau
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Voisinage d'impression
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\AppData\Local\Temporary Internet Files
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\SendTo
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Recent
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Modèles
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Documents\Mes vidéos
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Documents\Mes images
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Mes documents
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Menu Démarrer
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Documents\Ma musique
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Local Settings
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\AppData\Local\Historique
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Cookies
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\Application Data
[2010/05/15 16:49:19 | 000,000,000 | -HSD | C] -- C:\Users\Mem'S\AppData\Local\Application Data
[2010/05/15 16:49:19 | 000,000,000 | -HS- | C] () -- C:\Users\Mem'S\ntuser.dat.LOG2
[2010/05/15 16:49:18 | 001,310,720 | -HS- | C] () -- C:\Users\Mem'S\NTUSER.DAT
[2010/05/15 16:49:18 | 000,000,000 | --SD | C] -- C:\Users\Mem'S\AppData\Roaming\Microsoft
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Videos
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Saved Games
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Pictures
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Music
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Links
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Favorites
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Downloads
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Documents
[2010/05/15 16:49:18 | 000,000,000 | R--D | C] -- C:\Users\Mem'S\Desktop
[2010/05/15 16:49:18 | 000,000,000 | -H-D | C] -- C:\Users\Mem'S\AppData
[2010/05/15 16:49:18 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Temp
[2010/05/15 16:49:18 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Local\Microsoft
[2010/05/15 16:49:18 | 000,000,000 | ---D | C] -- C:\Users\Mem'S\AppData\Roaming\Media Center Programs
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/05/30 22:05:43 | 001,310,720 | -HS- | M] () -- C:\Users\Mem'S\NTUSER.DAT
[2010/05/30 21:58:49 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Mem'S\Desktop\OTL.exe
[2010/05/30 21:54:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/30 19:28:22 | 001,685,381 | ---- | M] () -- C:\UsbFix_Upload_Me_MEMS-PC.zip
[2010/05/30 19:26:10 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/30 19:22:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/30 19:22:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/30 19:11:18 | 000,001,740 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2010/05/30 19:11:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/30 19:10:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/30 19:10:48 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 19:05:50 | 002,571,278 | -H-- | M] () -- C:\Users\Mem'S\AppData\Local\IconCache.db
[2010/05/30 19:02:03 | 001,166,415 | ---- | M] (C_XX & El Desaparecido) -- C:\Users\Mem'S\Desktop\Usbfix.exe
[2010/05/30 18:28:30 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/30 18:28:30 | 000,695,004 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/05/30 18:28:30 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/30 18:28:30 | 000,127,684 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/05/30 18:28:30 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/30 17:31:56 | 060,540,981 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/30 16:08:08 | 000,002,101 | ---- | M] () -- C:\Users\Mem'S\Desktop\Sniffle.lnk
[2010/05/30 14:24:52 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2010/05/24 23:02:59 | 000,001,138 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2010/05/23 20:17:11 | 000,122,704 | ---- | M] () -- C:\Users\Mem'S\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/23 20:16:13 | 000,451,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/23 16:56:29 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/05/23 15:21:31 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/05/23 11:59:41 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/20 21:34:25 | 423,761,403 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/18 11:00:47 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/05/18 11:00:41 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/05/18 11:00:39 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/05/18 11:00:36 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/05/18 11:00:34 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/05/18 11:00:34 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/05/18 10:28:50 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/05/18 10:27:09 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/05/17 13:24:10 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/16 07:44:22 | 000,053,560 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/05/16 07:44:22 | 000,053,560 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/05/15 18:58:43 | 000,524,288 | -HS- | M] () -- C:\Users\Mem'S\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/15 18:58:43 | 000,524,288 | -HS- | M] () -- C:\Users\Mem'S\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 18:58:43 | 000,065,536 | -HS- | M] () -- C:\Users\Mem'S\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/15 18:13:34 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/15 16:53:01 | 000,000,020 | ---- | M] () -- C:\Windows\ˆøq
[2010/05/15 16:49:19 | 000,000,020 | -HS- | M] () -- C:\Users\Mem'S\ntuser.ini
[2010/05/15 16:48:53 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/05/30 19:28:22 | 001,685,381 | ---- | C] () -- C:\UsbFix_Upload_Me_MEMS-PC.zip
[2010/05/30 16:08:08 | 000,002,101 | ---- | C] () -- C:\Users\Mem'S\Desktop\Sniffle.lnk
[2010/05/23 17:06:57 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2010/05/23 17:06:57 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/05/23 15:21:31 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/05/20 21:34:25 | 423,761,403 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/18 11:00:47 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/05/18 11:00:34 | 060,540,981 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/18 11:00:34 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/05/17 13:24:10 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/16 15:25:17 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/05/16 07:41:59 | 3054,882,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/15 18:13:34 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/15 16:53:00 | 000,000,020 | ---- | C] () -- C:\Windows\ˆøq
[2010/04/24 16:00:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/01/08 05:19:07 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/01/08 05:19:07 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/08/19 10:33:09 | 000,000,232 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/05/15 23:15:52 | 000,000,000 | ---D | M] -- C:\Users\Mem'S\AppData\Roaming\Asus WebStorage
[2010/05/23 15:39:24 | 000,000,000 | ---D | M] -- C:\Users\Mem'S\AppData\Roaming\DAEMON Tools Lite
[2010/05/24 15:13:21 | 000,000,000 | ---D | M] -- C:\Users\Mem'S\AppData\Roaming\Uniblue
[2010/05/15 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\Mem'S\AppData\Roaming\Windows Live Writer
[2009/07/14 07:08:49 | 000,014,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< G:\*.inf /s /md5 >[/color]
[2004/09/09 16:18:08 | 000,000,050 | ---- | M] () MD5=00934DF711711BC0E1F068E581BB527D -- G:\MemS\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\AUTORUN.INF
[2004/09/09 16:18:08 | 000,000,050 | ---- | M] () MD5=00934DF711711BC0E1F068E581BB527D -- G:\MemS\Nouveau dossier (2)\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\AUTORUN.INF
[2005/03/05 16:13:14 | 000,002,511 | ---- | M] () MD5=EE72145E1112744DAA614CCE1D7BD733 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\Sphx\sphx.inf
[2006/10/28 03:01:12 | 000,000,175 | ---- | M] () MD5=4B7BFC85ABE1DB733A3383FE28A69831 -- G:\MemS\Office 2007\AUTORUN.INF
[2005/03/05 16:13:14 | 000,002,511 | ---- | M] () MD5=EE72145E1112744DAA614CCE1D7BD733 -- G:\MemS\Setup Prog\SphinxME v5\Modules\Sphx\sphx.inf
 
[color=#A23BEC]< G:\*.exe /s /md5 >[/color]
[2009/07/09 12:37:18 | 003,389,751 | ---- | M] () MD5=C05D1CA1E0FB20214344F37DEDF14976 -- G:\MemS\ir0462.exe
[1998/02/18 19:00:00 | 000,048,640 | ---- | M] () MD5=02D25C9A7FAC6B3FF1E3FFA3AA644C74 -- G:\MemS\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\BIN\I386\SHELEX32.EXE
[1998/02/18 19:00:00 | 000,018,944 | ---- | M] () MD5=74047FEC87C64190D2FA073DEFA29061 -- G:\MemS\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\BIN\I386\SHELEXEC.EXE
[1998/02/18 19:00:00 | 000,048,640 | ---- | M] () MD5=02D25C9A7FAC6B3FF1E3FFA3AA644C74 -- G:\MemS\Nouveau dossier (2)\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\BIN\I386\SHELEX32.EXE
[1998/02/18 19:00:00 | 000,018,944 | ---- | M] () MD5=74047FEC87C64190D2FA073DEFA29061 -- G:\MemS\Nouveau dossier (2)\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\BIN\I386\SHELEXEC.EXE
[2006/10/28 02:52:44 | 000,813,384 | ---- | M] (Microsoft Corporation) MD5=C6D0721E9156EB2A40A04BB38BE0B2A5 -- G:\MemS\Nouveau dossier (2)\Office 2007\OFFICE.FR-FR\DW20.EXE
[2006/10/28 02:53:34 | 000,434,528 | ---- | M] (Microsoft Corporation) MD5=29E177C7BB7343F365F12AD9A8AF4C48 -- G:\MemS\Nouveau dossier (2)\Office 2007\OFFICE.FR-FR\DWTRIG20.EXE
[2006/10/28 02:58:26 | 000,145,184 | ---- | M] (Microsoft Corporation) MD5=5A432A042DAE460ABE7199B758E8606C -- G:\MemS\Nouveau dossier (2)\Office 2007\PROPLUS.WW\OSE.EXE
[2009/06/25 23:46:12 | 013,916,672 | ---- | M] () MD5=E68A1139B2E80C585028A138D1297C87 -- G:\MemS\Nouveau dossier (2)\PokerTH\pokerth.exe
[2008/02/24 20:04:52 | 000,040,960 | ---- | M] () MD5=D9D08D874BD0CE3F35C7CA3990ED957B -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\Aircrack-ng GUI.exe
[2008/02/24 20:12:24 | 000,944,151 | ---- | M] () MD5=A16C86F5CFAC7EB420C2B795FCB616C8 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\aircrack-ng.exe
[2008/02/24 20:12:30 | 000,500,870 | ---- | M] () MD5=C6DC42FD5FBD7E30511515104AD6CFE2 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\airdecap-ng.exe
[2008/02/24 20:12:36 | 000,596,176 | ---- | M] () MD5=21B4E5F338913037C5A1806F2501A443 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\aireplay-ng.exe
[2008/02/24 20:07:34 | 000,077,824 | ---- | M] () MD5=3761DD77BD772FC0624334369D89B516 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\airodump-ng-airpcap.exe
[2008/02/24 20:06:02 | 000,077,824 | ---- | M] () MD5=2BD5F209E1AF9F60879843AB8EF7D011 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\airodump-ng.exe
[2008/02/24 20:12:40 | 000,405,711 | ---- | M] () MD5=85B725D41E47B0D5DCF00D3C7D6E20C9 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\ivstools.exe
[2008/02/24 20:12:40 | 000,031,844 | ---- | M] () MD5=D73E1485C839D89609F551F5C45D1FCD -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\kstats.exe
[2008/02/24 20:12:42 | 000,024,692 | ---- | M] () MD5=43F2B9470255902409515E6FBDA89995 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\makeivs.exe
[2008/02/24 20:12:38 | 000,449,209 | ---- | M] () MD5=D45D404683986177121A0E6BEB173141 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\packetforge-ng.exe
[2007/05/13 21:53:56 | 000,053,248 | ---- | M] () MD5=00E2BDE4FC4A5C4599E0004659CBBA65 -- G:\MemS\Nouveau dossier (2)\Setup Prog\aircrack-ng-0.9.3-win\bin\wzcook.exe
[2008/06/30 08:19:48 | 009,764,864 | ---- | M] (Sphinx Developpement) MD5=345B67044ED988C3C40BCED131187324 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Eureka.exe
[2008/06/26 14:33:26 | 005,103,616 | ---- | M] (Sphinx Développement, France) MD5=BC62DEF9AF44BFB20D590F273C5DB69A -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Sphinx.exe
[2003/02/21 14:15:14 | 000,098,304 | ---- | M] (Ergole Informatique) MD5=F1E66F66E8B1EFD3C22FC3CE31ACF0DB -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\ConvertEuro\ConvertEuro.exe
[2003/06/21 16:46:06 | 003,948,544 | ---- | M] (ERGOLE informatique) MD5=78597595E0364AC7FC9528159616EBE0 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Eureka\Eureka.exe
[2003/06/10 10:54:54 | 000,118,784 | ---- | M] () MD5=ECB5CEC0C95CD0F37F4EF7E66EA2BC26 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Eureka\Modules\FormScript.exe
[2003/03/31 09:33:58 | 000,393,216 | ---- | M] () MD5=B20F75B4D17CAB59C3D1A8B9182D89F0 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Licence\Licence.exe
[1998/06/19 12:23:26 | 000,270,848 | ---- | M] () MD5=93A8A22711442A01E4B68E413ED7F7D9 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Licence\UNWISE.EXE
[2003/06/10 10:54:54 | 000,118,784 | ---- | M] () MD5=ECB5CEC0C95CD0F37F4EF7E66EA2BC26 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\FormScript45.exe
[2006/02/20 10:04:00 | 000,131,072 | ---- | M] () MD5=5755AB4E2890E1761CFEBA4D39974CBF -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\_Formscript.exe
[2005/11/03 15:49:22 | 000,024,576 | ---- | M] ( Ergole) MD5=8E1ADCAEFD995CB5446BFB8A46B5D157 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphinxIO\Exemples\Ex_COM_VB\Ex_Com_VB.exe
[2005/10/17 18:00:26 | 000,061,440 | ---- | M] () MD5=19770D0BBFB472104309987A37D8DF0C -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphinxIO\Exemples\Ex_DLL_VC\Exemple.exe
[2005/09/15 09:52:12 | 000,512,000 | ---- | M] () MD5=339AAC3161F2B04D6F2B9AADD3B3058D -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphList\SphList.exe
[2004/05/17 16:20:38 | 000,421,888 | ---- | M] (ERGOLE informatique) MD5=83F2A8729D6EC8EDA6CFE542B05016A1 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphMail\Emailing.exe
[2008/06/02 10:53:10 | 001,228,800 | ---- | M] (Le Sphinx-Developpement) MD5=2733405780EA85EAAC57F0EEB8077934 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphMerge\SphMerge.exe
[2002/05/29 12:44:40 | 000,086,016 | ---- | M] () MD5=53096E02CBF8C71F28579D491EBEEB2D -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphMerge\sss2xml.exe
[2005/08/10 16:24:50 | 000,241,664 | ---- | M] () MD5=96129B69DDD9DED9D5386D8FB708C1AE -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphOrtho\TestOrtho.exe
[2004/10/11 14:46:54 | 000,389,120 | ---- | M] (ERGOLE informatique) MD5=B37F8C49346A3DFE491C7881B55AE6E6 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphPrSc\SphPrSc.exe
[2006/02/17 16:53:46 | 000,040,960 | ---- | M] () MD5=3B60F4F318902D508AC81E2A1A99C1C7 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphPublish\SphPublish.exe
[2008/04/30 16:28:30 | 000,028,672 | ---- | M] (ERGOLE Informatique) MD5=8FDE68A938B11FA13DEC8846F8A22440 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphQueXml\SphQueXml.exe
[2001/10/24 11:09:06 | 000,225,280 | ---- | M] () MD5=B3F07A234CE8D34EEB04479A27CB2405 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\RenommeFic.exe
[2002/02/14 17:39:08 | 000,147,456 | ---- | M] () MD5=4C7CA3419620ED9D87CD23E2A3602A0B -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\Sph2Office.exe
[2004/01/28 18:43:58 | 000,032,768 | ---- | M] () MD5=6F766E439C3FB0C521084EF094F516E2 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\sphconcat.exe
[1997/01/20 16:17:36 | 000,115,200 | ---- | M] () MD5=213E41B32DE380C03190DBB18670979A -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SW32.EXE
[2002/01/15 08:21:20 | 000,098,304 | ---- | M] (Ergole Informatique) MD5=5D7EA1DBB887BDE7AAC2C44ACC2DE240 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\ConvertEuro\ConvertEuro.exe
[2002/02/14 17:39:08 | 000,147,456 | ---- | M] () MD5=4C7CA3419620ED9D87CD23E2A3602A0B -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\Sph2Office\Sph2Office.exe
[2004/01/07 17:23:20 | 000,144,896 | ---- | M] (Ergole Informatique) MD5=D8129BB59A32024A31A2DD6DC8FD1FA0 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_2002.exe
[2004/01/07 17:22:06 | 000,187,904 | ---- | M] (Ergole Informatique) MD5=39ED43F7CB2D6476983C6FBAFA0FA170 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_ARM.exe
[2004/01/07 17:22:00 | 000,129,536 | ---- | M] (Ergole Informatique) MD5=441CAD9CD8A1D570C4B2C987DCDBA8D1 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_MIPS.exe
[2004/01/07 17:22:04 | 000,101,376 | ---- | M] (Ergole Informatique) MD5=20B58D1EDDF0317D0FE087C8A151EF1A -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_SH3.exe
[2004/01/07 17:22:02 | 000,101,376 | ---- | M] (Ergole Informatique) MD5=08A7B9E0CB1BD9C23AF2861A76BF8F1B -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_SH4.exe
[2004/10/05 09:27:24 | 000,212,992 | ---- | M] () MD5=7047B5480EEA34841E0EE7A2B02DEC72 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SphFiltreLog\SphFiltreLog.exe
[2007/02/22 19:02:02 | 001,544,287 | ---- | M] () MD5=405CE922F1F3170A6F9471FA546CA337 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\SphScan2Word\SphScan2Word.exe
[2002/04/29 02:11:00 | 000,285,184 | ---- | M] (Asselberghs) MD5=4327A35D312C35BCBE9469E42DD638A9 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTools\ViewSav\ViewSav.exe
[2002/11/22 18:28:04 | 000,126,976 | ---- | M] (ERGOLE Informatique) MD5=D1B4048C4791B0DE6A7BB77ABE532B4A -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Modules\SphTrad\TraductionSphinx.exe
[2007/09/04 13:32:58 | 000,417,792 | ---- | M] (ERGOLE informatique) MD5=85AFA49A1FD1DB0D5EE837B733EE9A5E -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME v5\Serveur\compte.exe
[2003/08/22 17:11:08 | 003,354,624 | ---- | M] (Le Sphinx Développement) MD5=03832A3E1A962C20EC752B01F99A5718 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Sphinx.exe
[2003/02/21 14:15:14 | 000,098,304 | ---- | M] (Ergole Informatique) MD5=F1E66F66E8B1EFD3C22FC3CE31ACF0DB -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\ConvertEuro\ConvertEuro.exe
[2003/06/21 16:46:06 | 003,948,544 | ---- | M] (ERGOLE informatique) MD5=78597595E0364AC7FC9528159616EBE0 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Eureka\Eureka.exe
[2003/06/10 10:54:54 | 000,118,784 | ---- | M] () MD5=ECB5CEC0C95CD0F37F4EF7E66EA2BC26 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Eureka\Modules\FormScript.exe
[2003/03/31 09:33:58 | 000,393,216 | ---- | M] () MD5=B20F75B4D17CAB59C3D1A8B9182D89F0 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Licence\Licence.exe
[1998/06/19 12:23:26 | 000,270,848 | ---- | M] () MD5=93A8A22711442A01E4B68E413ED7F7D9 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Licence\UNWISE.EXE
[2003/04/02 12:03:54 | 000,438,272 | ---- | M] () MD5=9B27E56BEFC542841C973142B56632D6 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphList\SphList.exe
[2003/05/15 10:22:40 | 000,540,672 | ---- | M] () MD5=4463B0954AF7CEC72CF07BE102F4ADAF -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphMerge\SphMerge.exe
[2003/07/09 09:56:48 | 000,389,120 | ---- | M] (ERGOLE informatique) MD5=60010AC50A37E80E8151A26E8F3D66AB -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphPrSc\SphPrSc.exe
[2001/10/24 11:09:06 | 000,225,280 | ---- | M] () MD5=B3F07A234CE8D34EEB04479A27CB2405 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphTools\RenommeFic.exe
[2002/02/14 17:39:08 | 000,147,456 | ---- | M] () MD5=4C7CA3419620ED9D87CD23E2A3602A0B -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphTools\Sph2Office.exe
[2002/02/20 11:35:40 | 000,032,768 | ---- | M] () MD5=A611A90A9A0AAFEB0942EB572472A76F -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphTools\sphconcat.exe
[1997/01/20 16:17:36 | 000,115,200 | ---- | M] () MD5=213E41B32DE380C03190DBB18670979A -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphTools\SW32.EXE
[2002/11/22 18:28:04 | 000,126,976 | ---- | M] (ERGOLE Informatique) MD5=D1B4048C4791B0DE6A7BB77ABE532B4A -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Modules\SphTrad\TraductionSphinx.exe
[2003/06/26 12:47:10 | 000,409,600 | ---- | M] (ERGOLE informatique) MD5=7C5D6D0F151978DD486EE1B2733B2650 -- G:\MemS\Nouveau dossier (2)\Setup Prog\SphinxME\Serveur\Compte.exe
[2006/08/28 08:55:56 | 000,713,288 | ---- | M] (Microsoft Corporation) MD5=F26E76E2D7B0794A70C95D04C03998D6 -- G:\MemS\Office 2007\SaveAsPDFandXPS.exe
[2006/10/28 03:01:12 | 000,463,152 | ---- | M] (Microsoft Corporation) MD5=95B8A4245A6CD37D36E56FAE5A23E2B1 -- G:\MemS\Office 2007\SETUP.EXE
[2006/10/28 02:52:44 | 000,813,384 | ---- | M] (Microsoft Corporation) MD5=C6D0721E9156EB2A40A04BB38BE0B2A5 -- G:\MemS\Office 2007\OFFICE.FR-FR\DW20.EXE
[2006/10/28 02:53:34 | 000,434,528 | ---- | M] (Microsoft Corporation) MD5=29E177C7BB7343F365F12AD9A8AF4C48 -- G:\MemS\Office 2007\OFFICE.FR-FR\DWTRIG20.EXE
[2006/10/28 02:58:26 | 000,145,184 | ---- | M] (Microsoft Corporation) MD5=5A432A042DAE460ABE7199B758E8606C -- G:\MemS\Office 2007\PROPLUS.WW\OSE.EXE
[2009/06/25 23:46:12 | 013,916,672 | ---- | M] () MD5=E68A1139B2E80C585028A138D1297C87 -- G:\MemS\PokerTH\pokerth.exe
[2008/02/24 20:04:52 | 000,040,960 | ---- | M] () MD5=D9D08D874BD0CE3F35C7CA3990ED957B -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\Aircrack-ng GUI.exe
[2008/02/24 20:12:24 | 000,944,151 | ---- | M] () MD5=A16C86F5CFAC7EB420C2B795FCB616C8 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\aircrack-ng.exe
[2008/02/24 20:12:30 | 000,500,870 | ---- | M] () MD5=C6DC42FD5FBD7E30511515104AD6CFE2 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\airdecap-ng.exe
[2008/02/24 20:12:36 | 000,596,176 | ---- | M] () MD5=21B4E5F338913037C5A1806F2501A443 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\aireplay-ng.exe
[2008/02/24 20:07:34 | 000,077,824 | ---- | M] () MD5=3761DD77BD772FC0624334369D89B516 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\airodump-ng-airpcap.exe
[2008/02/24 20:06:02 | 000,077,824 | ---- | M] () MD5=2BD5F209E1AF9F60879843AB8EF7D011 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\airodump-ng.exe
[2008/02/24 20:12:40 | 000,405,711 | ---- | M] () MD5=85B725D41E47B0D5DCF00D3C7D6E20C9 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\ivstools.exe
[2008/02/24 20:12:40 | 000,031,844 | ---- | M] () MD5=D73E1485C839D89609F551F5C45D1FCD -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\kstats.exe
[2008/02/24 20:12:42 | 000,024,692 | ---- | M] () MD5=43F2B9470255902409515E6FBDA89995 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\makeivs.exe
[2008/02/24 20:12:38 | 000,449,209 | ---- | M] () MD5=D45D404683986177121A0E6BEB173141 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\packetforge-ng.exe
[2007/05/13 21:53:56 | 000,053,248 | ---- | M] () MD5=00E2BDE4FC4A5C4599E0004659CBBA65 -- G:\MemS\Setup Prog\aircrack-ng-0.9.3-win\bin\wzcook.exe
[2008/06/30 08:19:48 | 009,764,864 | ---- | M] (Sphinx Developpement) MD5=345B67044ED988C3C40BCED131187324 -- G:\MemS\Setup Prog\SphinxME v5\Eureka.exe
[2008/06/26 14:33:26 | 005,103,616 | ---- | M] (Sphinx Développement, France) MD5=BC62DEF9AF44BFB20D590F273C5DB69A -- G:\MemS\Setup Prog\SphinxME v5\Sphinx.exe
[2003/02/21 14:15:14 | 000,098,304 | ---- | M] (Ergole Informatique) MD5=F1E66F66E8B1EFD3C22FC3CE31ACF0DB -- G:\MemS\Setup Prog\SphinxME v5\ConvertEuro\ConvertEuro.exe
[2003/06/21 16:46:06 | 003,948,544 | ---- | M] (ERGOLE informatique) MD5=78597595E0364AC7FC9528159616EBE0 -- G:\MemS\Setup Prog\SphinxME v5\Eureka\Eureka.exe
[2003/06/10 10:54:54 | 000,118,784 | ---- | M] () MD5=ECB5CEC0C95CD0F37F4EF7E66EA2BC26 -- G:\MemS\Setup Prog\SphinxME v5\Eureka\Modules\FormScript.exe
[2003/03/31 09:33:58 | 000,393,216 | ---- | M] () MD5=B20F75B4D17CAB59C3D1A8B9182D89F0 -- G:\MemS\Setup Prog\SphinxME v5\Licence\Licence.exe
[1998/06/19 12:23:26 | 000,270,848 | ---- | M] () MD5=93A8A22711442A01E4B68E413ED7F7D9 -- G:\MemS\Setup Prog\SphinxME v5\Licence\UNWISE.EXE
[2003/06/10 10:54:54 | 000,118,784 | ---- | M] () MD5=ECB5CEC0C95CD0F37F4EF7E66EA2BC26 -- G:\MemS\Setup Prog\SphinxME v5\Modules\FormScript45.exe
[2006/02/20 10:04:00 | 000,131,072 | ---- | M] () MD5=5755AB4E2890E1761CFEBA4D39974CBF -- G:\MemS\Setup Prog\SphinxME v5\Modules\_Formscript.exe
[2005/11/03 15:49:22 | 000,024,576 | ---- | M] ( Ergole) MD5=8E1ADCAEFD995CB5446BFB8A46B5D157 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphinxIO\Exemples\Ex_COM_VB\Ex_Com_VB.exe
[2005/10/17 18:00:26 | 000,061,440 | ---- | M] () MD5=19770D0BBFB472104309987A37D8DF0C -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphinxIO\Exemples\Ex_DLL_VC\Exemple.exe
[2005/09/15 09:52:12 | 000,512,000 | ---- | M] () MD5=339AAC3161F2B04D6F2B9AADD3B3058D -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphList\SphList.exe
[2004/05/17 16:20:38 | 000,421,888 | ---- | M] (ERGOLE informatique) MD5=83F2A8729D6EC8EDA6CFE542B05016A1 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphMail\Emailing.exe
[2008/06/02 10:53:10 | 001,228,800 | ---- | M] (Le Sphinx-Developpement) MD5=2733405780EA85EAAC57F0EEB8077934 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphMerge\SphMerge.exe
[2002/05/29 12:44:40 | 000,086,016 | ---- | M] () MD5=53096E02CBF8C71F28579D491EBEEB2D -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphMerge\sss2xml.exe
[2005/08/10 16:24:50 | 000,241,664 | ---- | M] () MD5=96129B69DDD9DED9D5386D8FB708C1AE -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphOrtho\TestOrtho.exe
[2004/10/11 14:46:54 | 000,389,120 | ---- | M] (ERGOLE informatique) MD5=B37F8C49346A3DFE491C7881B55AE6E6 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphPrSc\SphPrSc.exe
[2006/02/17 16:53:46 | 000,040,960 | ---- | M] () MD5=3B60F4F318902D508AC81E2A1A99C1C7 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphPublish\SphPublish.exe
[2008/04/30 16:28:30 | 000,028,672 | ---- | M] (ERGOLE Informatique) MD5=8FDE68A938B11FA13DEC8846F8A22440 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphQueXml\SphQueXml.exe
[2001/10/24 11:09:06 | 000,225,280 | ---- | M] () MD5=B3F07A234CE8D34EEB04479A27CB2405 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\RenommeFic.exe
[2002/02/14 17:39:08 | 000,147,456 | ---- | M] () MD5=4C7CA3419620ED9D87CD23E2A3602A0B -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\Sph2Office.exe
[2004/01/28 18:43:58 | 000,032,768 | ---- | M] () MD5=6F766E439C3FB0C521084EF094F516E2 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\sphconcat.exe
[1997/01/20 16:17:36 | 000,115,200 | ---- | M] () MD5=213E41B32DE380C03190DBB18670979A -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SW32.EXE
[2002/01/15 08:21:20 | 000,098,304 | ---- | M] (Ergole Informatique) MD5=5D7EA1DBB887BDE7AAC2C44ACC2DE240 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\ConvertEuro\ConvertEuro.exe
[2002/02/14 17:39:08 | 000,147,456 | ---- | M] () MD5=4C7CA3419620ED9D87CD23E2A3602A0B -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\Sph2Office\Sph2Office.exe
[2004/01/07 17:23:20 | 000,144,896 | ---- | M] (Ergole Informatique) MD5=D8129BB59A32024A31A2DD6DC8FD1FA0 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_2002.exe
[2004/01/07 17:22:06 | 000,187,904 | ---- | M] (Ergole Informatique) MD5=39ED43F7CB2D6476983C6FBAFA0FA170 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_ARM.exe
[2004/01/07 17:22:00 | 000,129,536 | ---- | M] (Ergole Informatique) MD5=441CAD9CD8A1D570C4B2C987DCDBA8D1 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_MIPS.exe
[2004/01/07 17:22:04 | 000,101,376 | ---- | M] (Ergole Informatique) MD5=20B58D1EDDF0317D0FE087C8A151EF1A -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_SH3.exe
[2004/01/07 17:22:02 | 000,101,376 | ---- | M] (Ergole Informatique) MD5=08A7B9E0CB1BD9C23AF2861A76BF8F1B -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SphAdminPDA\AdminSphinx_SH4.exe
[2004/10/05 09:27:24 | 000,212,992 | ---- | M] () MD5=7047B5480EEA34841E0EE7A2B02DEC72 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SphFiltreLog\SphFiltreLog.exe
[2007/02/22 19:02:02 | 001,544,287 | ---- | M] () MD5=405CE922F1F3170A6F9471FA546CA337 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\SphScan2Word\SphScan2Word.exe
[2002/04/29 02:11:00 | 000,285,184 | ---- | M] (Asselberghs) MD5=4327A35D312C35BCBE9469E42DD638A9 -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTools\ViewSav\ViewSav.exe
[2002/11/22 18:28:04 | 000,126,976 | ---- | M] (ERGOLE Informatique) MD5=D1B4048C4791B0DE6A7BB77ABE532B4A -- G:\MemS\Setup Prog\SphinxME v5\Modules\SphTrad\TraductionSphinx.exe
[2007/09/04 13:32:58 | 000,417,792 | ---- | M] (ERGOLE informatique) MD5=85AFA49A1FD1DB0D5EE837B733EE9A5E -- G:\MemS\Setup Prog\SphinxME v5\Serveur\compte.exe
[2003/08/22 17:11:08 | 003,354,624 | ---- | M] (Le Sphinx Développement) MD5=03832A3E1A962C20EC752B01F99A5718 -- G:\MemS\Setup Prog\SphinxME\Sphinx.exe
[2003/02/21 14:15:14 | 000,098,304 | ---- | M] (Ergole Informatique) MD5=F1E66F66E8B1EFD3C22FC3CE31ACF0DB -- G:\MemS\Setup Prog\SphinxME\ConvertEuro\ConvertEuro.exe
[2003/06/21 16:46:06 | 003,948,544 | ---- | M] (ERGOLE informatique) MD5=78597595E0364AC7FC9528159616EBE0 -- G:\MemS\Setup Prog\SphinxME\Eureka\Eureka.exe
[2003/06/10 10:54:54 | 000,118,784 | ---- | M] () MD5=ECB5CEC0C95CD0F37F4EF7E66EA2BC26 -- G:\MemS\Setup Prog\SphinxME\Eureka\Modules\FormScript.exe
[2003/03/31 09:33:58 | 000,393,216 | ---- | M] () MD5=B20F75B4D17CAB59C3D1A8B9182D89F0 -- G:\MemS\Setup Prog\SphinxME\Licence\Licence.exe
[1998/06/19 12:23:26 | 000,270,848 | ---- | M] () MD5=93A8A22711442A01E4B68E413ED7F7D9 -- G:\MemS\Setup Prog\SphinxME\Licence\UNWISE.EXE
[2003/04/02 12:03:54 | 000,438,272 | ---- | M] () MD5=9B27E56BEFC542841C973142B56632D6 -- G:\MemS\Setup Prog\SphinxME\Modules\SphList\SphList.exe
[2003/05/15 10:22:40 | 000,540,672 | ---- | M] () MD5=4463B0954AF7CEC72CF07BE102F4ADAF -- G:\MemS\Setup Prog\SphinxME\Modules\SphMerge\SphMerge.exe
[2003/07/09 09:56:48 | 000,389,120 | ---- | M] (ERGOLE informatique) MD5=60010AC50A37E80E8151A26E8F3D66AB -- G:\MemS\Setup Prog\SphinxME\Modules\SphPrSc\SphPrSc.exe
[2001/10/24 11:09:06 | 000,225,280 | ---- | M] () MD5=B3F07A234CE8D34EEB04479A27CB2405 -- G:\MemS\Setup Prog\SphinxME\Modules\SphTools\RenommeFic.exe
[2002/02/14 17:39:08 | 000,147,456 | ---- | M] () MD5=4C7CA3419620ED9D87CD23E2A3602A0B -- G:\MemS\Setup Prog\SphinxME\Modules\SphTools\Sph2Office.exe
[2002/02/20 11:35:40 | 000,032,768 | ---- | M] () MD5=A611A90A9A0AAFEB0942EB572472A76F -- G:\MemS\Setup Prog\SphinxME\Modules\SphTools\sphconcat.exe
[1997/01/20 16:17:36 | 000,115,200 | ---- | M] () MD5=213E41B32DE380C03190DBB18670979A -- G:\MemS\Setup Prog\SphinxME\Modules\SphTools\SW32.EXE
[2002/11/22 18:28:04 | 000,126,976 | ---- | M] (ERGOLE Informatique) MD5=D1B4048C4791B0DE6A7BB77ABE532B4A -- G:\MemS\Setup Prog\SphinxME\Modules\SphTrad\TraductionSphinx.exe
[2003/06/26 12:47:10 | 000,409,600 | ---- | M] (ERGOLE informatique) MD5=7C5D6D0F151978DD486EE1B2733B2650 -- G:\MemS\Setup Prog\SphinxME\Serveur\Compte.exe
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2009/12/17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_9.5.6.1001\iaStor.sys
[2009/12/17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
[2009/12/17 04:25:25 | 000,433,176 | ---- | M] (Intel Corporation) MD5=8CDACD4AD63D49834C6B59DB102E7CD7 -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista32_Win7_32_9.5.6.1001\iaStor.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysWow64\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysWow64\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysWow64\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
< End of report >

OTL n'a sorti qu'un seul rapport

EDIT Skynet : Rapport trop long pour être supporté par le forum, je viens de le diviser en deux ;).
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 21:38

Oops, je viens de m'apercevoir qu'en fait il y a bien un second rapport (Extras.txt). Le voici:
Code: Tout sélectionner
OTL Extras logfile created on: 30/05/2010 22:08:24 - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Mem'S\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 72,93 Gb Free Space | 62,63% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 332,67 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,47 Gb Total Space | 0,76 Gb Free Space | 10,18% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEMS-PC
Current User Name: Mem'S
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-040C-1000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0016-040C-1000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0018-040C-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0019-040C-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-001A-040C-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001B-040C-1000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-040C-1000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-040C-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (French) 2010
"{90140000-0044-040C-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-006E-040C-1000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-00A1-040C-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00BA-040C-1000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE50C1E2-10AF-400F-A53A-4A3E0AD486B2}" = Windows Live Contrôle parental
"ASUS WebStorage" = ASUS WebStorage
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01523985-2098-43AF-9C97-12B07BE02A9B}" = Windows Live Call
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}" = Installation Windows Live
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43563ACB-371B-4C58-8979-B192B390424C}" = Galerie de photos Windows Live
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{915809D6-1F93-45F2-9699-5F1DA64DC24B}" = Windows Live Toolbar
"{95120000-0120-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"ASUS AP Bank_is1" = ASUS AP Bank
"AVG9Uninstall" = AVG Free 9.0
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA.Updatus" = NVIDIA Updatus
"Usbfix" = Usbfix By C_XX & El Desaparecido
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Installation Windows Live
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 15/05/2010 15:54:06 | Computer Name = MemS-PC | Source = Google Update | ID = 20
Description =
 
Error - 16/05/2010 19:26:37 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
 de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll » à la ligne 3.  La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
 de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.
 
Error - 16/05/2010 19:29:05 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll » à la ligne 2.  Syntaxe XML
 non valide.
 
Error - 17/05/2010 18:30:55 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
 de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll » à la ligne 3.  La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
 de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.
 
Error - 17/05/2010 18:32:21 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll » à la ligne 2.  Syntaxe XML
 non valide.
 
Error - 18/05/2010 04:29:32 | Computer Name = MemS-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Les services de chiffrement ont échoué lors du traitement de l’appel
 OnIdentity() dans l’objet System Writer.  Details: AddWin32ServiceFiles: Unable to
 back up image of service Trend Micro Unauthorized Change Prevention Service since
 OpenService API failed  System Error: Le service spécifié n’existe pas en tant que
 service installé.  .
 
Error - 21/05/2010 18:37:45 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
 de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll » à la ligne 3.  La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
 de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.
 
Error - 21/05/2010 18:38:26 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll » à la ligne 2.  Syntaxe XML
 non valide.
 
[ System Events ]
Error - 22/05/2010 20:39:45 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 22/05/2010 20:39:46 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 22/05/2010 20:39:47 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 22/05/2010 20:39:48 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 23/05/2010 04:46:04 | Computer Name = MemS-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 10:40:16 le ?23/?05/?2010 n’était pas
prévu.
 
Error - 23/05/2010 10:42:46 | Computer Name = MemS-PC | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la connexion du service Windows Search.
 
Error - 23/05/2010 10:42:46 | Computer Name = MemS-PC | Source = Service Control Manager | ID = 7000
Description = Le service Windows Search n’a pas pu démarrer en raison de l’erreur :
   %%1053
 
Error - 23/05/2010 11:14:17 | Computer Name = MemS-PC | Source = DCOM | ID = 10010
Description =
 
Error - 24/05/2010 17:03:37 | Computer Name = MemS-PC | Source = DCOM | ID = 10010
Description =
 
Error - 26/05/2010 06:17:40 | Computer Name = MemS-PC | Source = volsnap | ID = 393252
Description = Les clichés instantanés du volume C: ont été annulés car le stockage
 du cliché instantané n’a pas pu s’agrandir en raison d’une limite utilisateur.
 
 
< End of report >
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1519220938-3604924548-360206279-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-040C-1000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0016-040C-1000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0018-040C-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0019-040C-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-001A-040C-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001B-040C-1000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-040C-1000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-040C-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (French) 2010
"{90140000-0044-040C-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-006E-040C-1000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-00A1-040C-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00BA-040C-1000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE50C1E2-10AF-400F-A53A-4A3E0AD486B2}" = Windows Live Contrôle parental
"ASUS WebStorage" = ASUS WebStorage
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01523985-2098-43AF-9C97-12B07BE02A9B}" = Windows Live Call
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}" = Installation Windows Live
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43563ACB-371B-4C58-8979-B192B390424C}" = Galerie de photos Windows Live
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}" = Piggly FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}" = Smileyville FREE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{915809D6-1F93-45F2-9699-5F1DA64DC24B}" = Windows Live Toolbar
"{95120000-0120-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"ASUS AP Bank_is1" = ASUS AP Bank
"AVG9Uninstall" = AVG Free 9.0
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA.Updatus" = NVIDIA Updatus
"Usbfix" = Usbfix By C_XX & El Desaparecido
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Installation Windows Live
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 15/05/2010 15:54:06 | Computer Name = MemS-PC | Source = Google Update | ID = 20
Description =
 
Error - 16/05/2010 19:26:37 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
 de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll » à la ligne 3.  La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
 de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.
 
Error - 16/05/2010 19:29:05 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll » à la ligne 2.  Syntaxe XML
 non valide.
 
Error - 17/05/2010 18:30:55 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
 de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll » à la ligne 3.  La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
 de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.
 
Error - 17/05/2010 18:32:21 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll » à la ligne 2.  Syntaxe XML
 non valide.
 
Error - 18/05/2010 04:29:32 | Computer Name = MemS-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Les services de chiffrement ont échoué lors du traitement de l’appel
 OnIdentity() dans l’objet System Writer.  Details: AddWin32ServiceFiles: Unable to
 back up image of service Trend Micro Unauthorized Change Prevention Service since
 OpenService API failed  System Error: Le service spécifié n’existe pas en tant que
 service installé.  .
 
Error - 21/05/2010 18:37:45 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
 de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll » à la ligne 3.  La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
 de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.
 
Error - 21/05/2010 18:38:26 | Computer Name = MemS-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll » à la ligne 2.  Syntaxe XML
 non valide.
 
[ System Events ]
Error - 22/05/2010 20:39:45 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 22/05/2010 20:39:46 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 22/05/2010 20:39:47 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 22/05/2010 20:39:48 | Computer Name = MemS-PC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.
 
Error - 23/05/2010 04:46:04 | Computer Name = MemS-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 10:40:16 le ?23/?05/?2010 n’était pas
prévu.
 
Error - 23/05/2010 10:42:46 | Computer Name = MemS-PC | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la connexion du service Windows Search.
 
Error - 23/05/2010 10:42:46 | Computer Name = MemS-PC | Source = Service Control Manager | ID = 7000
Description = Le service Windows Search n’a pas pu démarrer en raison de l’erreur :
   %%1053
 
Error - 23/05/2010 11:14:17 | Computer Name = MemS-PC | Source = DCOM | ID = 10010
Description =
 
Error - 24/05/2010 17:03:37 | Computer Name = MemS-PC | Source = DCOM | ID = 10010
Description =
 
Error - 26/05/2010 06:17:40 | Computer Name = MemS-PC | Source = volsnap | ID = 393252
Description = Les clichés instantanés du volume C: ont été annulés car le stockage
 du cliché instantané n’a pas pu s’agrandir en raison d’une limite utilisateur.
 
 
< End of report >
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 22:12

Aussi, j'ai oublié de copier/coller "netsvcs" dans le cadre personnalisation d'OTL. Un petit moment d'inattention lors de la sélection. S'il faut refaire une analyse, préviens moi. En tout cas je te remercie déjà pour ton aide.
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 30 Mai 2010 22:43

hello,

toujours avec la clef USB branchée...

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"
:Files
C:\ProgramData\Partner
G:\MemS\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\AUTORUN.INF
G:\MemS\Nouveau dossier (2)\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\AUTORUN.INF
G:\MemS\Office 2007\AUTORUN.INF



:OTL
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

:Commands
[emptytemp]


* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

ensuite...

  • télécharges >> Malwarebytes <<
  • Installes le et mets le à jours avant le scan
  • Choisis "exécuter un examen rapide" et à la fin du scan , coches tous les éléments trouvés,et cliques sur supprimer la sélection.
  • Postes moi le rapport stp. :wink:

Si tu as besoin, tu as un excellent tuto de Danakil ici
tutoriel-malwarebytes-anti-malware-vt-46564.html

@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Infecté par Worm/AuoRun.hc

Message le 31 Mai 2010 01:02

Cher docteur, voici le rapport OTL après correction:
Code: Tout sélectionner
All processes killed
========== FILES ==========
C:\ProgramData\Partner folder moved successfully.
G:\MemS\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\AUTORUN.INF moved successfully.
G:\MemS\Nouveau dossier (2)\ISEG\ISEG 2009-2010\negociation commerciale\colloque Etienne Thil Marketing\AUTORUN.INF moved successfully.
G:\MemS\Office 2007\AUTORUN.INF moved successfully.
========== OTL ==========
Service Partner Service stopped successfully!
Service Partner Service deleted successfully!
File  C:\ProgramData\Partner\Partner.exe  not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
File C:\ProgramData\Partner\Partner64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
File C:\ProgramData\Partner\Partner.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mem'S
->Temp folder emptied: 4549754 bytes
->Temporary Internet Files folder emptied: 40203614 bytes
->FireFox cache emptied: 52841569 bytes
->Flash cache emptied: 2460 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152660 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50540 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 93,00 mb
 
 
OTL by OldTimer - Version 3.2.5.1 log created on 05312010_005821

Files\Folders moved on Reboot...
C:\Users\Mem'S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Pour ce qui est de malwarebytes, j'ai d'abord effectué un examen rapide mais il n'a trouvé aucun élément infecté. Donc j'ai lancé un examen complet (disque C,D et G=clé usb) et là malwarebytes a trouvé 7 éléments infectés sur C et rien sur G. Toutefois, je pense que c'est normal car ceux sont des éléments provenant d'Usbfix donc je ne les ai pas supprimés.

Ci-dessous les 2 rapports de malawarebytes (rapide+complet)
Code: Tout sélectionner
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4157

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31/05/2010 01:08:54
mbam-log-2010-05-31 (01-08-54).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 129456
Temps écoulé: 2 minute(s), 41 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Code: Tout sélectionner
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4157

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31/05/2010 01:48:19
mbam-log-2010-05-31 (01-48-19).txt

Type d'examen: Examen complet (C:\|D:\|G:\|)
Elément(s) analysé(s): 224830
Temps écoulé: 33 minute(s), 29 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\UsbFix\Quarantine\C\explorer.exe.vir (Worm.AutoRun) -> No action taken.
C:\UsbFix\Quarantine\C\Program Files\explorer.exe.vir (Worm.AutoRun) -> No action taken.
C:\UsbFix\Quarantine\C\Program Files\{17350501621331}.exe.vir (Worm.AutoRun) -> No action taken.
C:\UsbFix\Quarantine\C\Windows\BackUp\explorer.exe.vir (Worm.AutoRun) -> No action taken.
C:\UsbFix\Quarantine\G\explorer.exe.vir (Worm.AutoRun) -> No action taken.
C:\UsbFix\Quarantine\G\MemS.exe.vir (Worm.AutoRun) -> No action taken.
C:\UsbFix\Quarantine\G\MemS\.Trashes.exe.vir (Worm.AutoRun) -> No action taken.


Au fait, quel logiciel pour détecter des virus sur un disque amovible? Comment se protéger continuellement? Que me conseillerais tu comme anti virus?
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 31 Mai 2010 01:27

Euh, j'ai un souci de taille suite aux manip. Malgré que mon PC détecte ma clé usb, je ne peux plus accéder à son contenu (fichier et dossier). En clair quand je double clic ou quand je clic droit/ouvrir c'est écrit "le dossier est vide". ça m'inquiète un peu!! HELP
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 31 Mai 2010 07:10

Hello,

Il n'y a que des fichier infectieux qui ont étés supprimés de ta clef :-?

essais cela...

débranche et rebranche ta clef USB

ouvre le poste de travail, Clic droit sur l'icône de ta clef USB et choisie "Porpriétésé
onglet "outil" >> clique sur "vérifier maintenant" >> coche les cases "réparer automatiquement...." et "rechercher et tenter....." puis clique sur "Démarrer"

dit moi si en suite tu peux à nouveau l'explorer

@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Infecté par Worm/AuoRun.hc

Message le 31 Mai 2010 10:48

LOL, en fait le dossier à la racine qui contient tous les autres dossiers et fichiers était caché. Je ne sais pas pourquoi son statut a été modifié mais en tout cas quand j'ai fait afficher les fichiers et dossiers cachés................

Je te remercie pour ton aide précieuse. Y a t-il encore des manip? Dans le cas où j'utilise une clé usb tierce, quel logiciel pour détecter des virus ? Comment se protéger continuellement?
Mems
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 11
Inscription: 30 Mai 2010 15:47
 

Re: Infecté par Worm/AuoRun.hc

Message le 31 Mai 2010 11:00

hello,

en fin de procédure tu auras tous les conseils nécessaire :wink:

mais pour tes clefs USB etc....
si tu en met une nouvelle, tu lance usbfix et tu choisis "vacciné" , cela évitera pas mal de risques..

Il nous reste a désinstaller de manière automatique tous les outils utilisés pour la désinfection...

pour cela...


télécharge >>> ToolsCleaner <<< (de A.Rothstein & dj QUIOU)

fait un double-clique dessus pour lancer le programme

Clique sur Recherche et laisse le scan se terminer (il peut durer une dizaine de minutes au maximum).

une fois la recherche lancée, ne clique pas dans la fenêtre, cela provoquerait un léger bug du programme.

Si toutes fois la mention (ne réponds pas) apparaissait dans le titre de la fenêtre ToolsCleaner, ne t'en occupes pas et laisse quand même le programme terminer son travail

@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Suivante


Sujets similaires

Message [Résolu] Récupération du dual boot
Bonjour,Pourriez-vous m'aider à remettre le dual boot" sur un pc portable HP modèle G7 1235 SF" qui a Windows 10 et Ubuntu 24.04 que j'ai installé dans " l'espace libre" du disque dur mais au démarrage c'est Ubuntu qui est démarre directement, comment faire ?J'aurai voulu garder ...
Réponses: 13

Message [résolu] Inscris à l'insu de mon plein gré
Bonjour J'ai un souci, qui m'énerve vraiment, ma fille m'a réglé une smart TV, pour que le Chromecast intégré fonctionne elle m'a créé un compte sur google. Presque sur chaque site, j'ai ceci :Sur le site TV loisir, je n'ai pas fait exprès, j'ai cliqué sur ok, au lieu de la croix, ça m'a créé un com ...
Réponses: 3

Message [résolu] Appels indésirables
Bonsoir? J'ai besoin d'aide, je n'en peux plus, mon portable est sur liste rouge, j'ai plusieurs appels par jour, d'un cabinet de santé, "santénéa", ils demandent à parler à ma femme, qui est décédée en octobre 2022, je ne comprends pas le lien entre mon numéro de portable et ma femme. ? J ...
Réponses: 26

Message Partition inutilisée [Résolu]
Bonjour à tous !J'ai encore des lacunes (normal vu mon âge....):Après avoir fait du ménage sur mon disque SSD, il y reste Win 8 et Ubuntu 22.04 plus une partition de 6 Go que je voudrais utiliser pour y stocker des sauvegardes non critiques.Elle est nommée "Lost+found"Je ne peux pas avoir ...
Réponses: 3

Message [résolu] C'est le bazar sur mon bureau
Bonjour Quand je veux héberger une image ou autre chose de mon bureau, j'ai ça, maisquescequecestdoncquetoutcestmachins? Merci
Réponses: 8

Message [RÉSOLU] Vidéos invisibles avec Firefox dans un forum
Bonjour à tous.Je ne sais pas si je suis au bon endroit pour poser ma question; ce sous répertoire me semblait le plus approprié.Je fréquente un forum depuis de nombreuses années et je constate que les vidéos postées dans les messages ne s'affichent plus avec Firefox. Quand je regarde le détail des ...
Réponses: 5


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 8 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.