Security Tool problem [Solved]

Posted 23 Aug 2010 23:02

Hello,

I would like to know whether it is possible to remove this wretched virus. I think I caught it on allostreaming while watching films, because it appeared at that moment!!! Well, I don't really know, but I have gone round the forums reading the guides for removing this virus and I can't manage it, it never works!

So my operating system is WINDOWS 7.

First I tried to delete the files in Application Data and Desktop, but that isn't possible.

Then I downloaded the two programs RSIT.exe and Malwarebytes', but the fact is that the virus is well installed and so blocks these programs from launching.

So I tried the safe mode / msconfig method, and there I cannot find that line with those numbers that I am supposed to untick.


So I am at a complete dead end and can no longer find solutions in the forums; on top of that, the "security analysis" page in Google now shows up and I can't do the update.

I am completely lost and would be grateful if you could help me.

Thanks in advance

Claire
clair_ette
Confirmed Visitor
Posts: 10
Joined: 23 Aug 2010 22:48
 


Re: Security Tool problem

Posted 23 Aug 2010 23:29

Hi, while waiting for the disinfection pros, download HijackThis and run it.
Post the generated report for us.
reg35
PC-Infopraticien
Posts: 5816
Joined: 21 Jun 2009 22:30
Location: search in progress, please wait...
 

Re: Security Tool problem

Posted 24 Aug 2010 07:17

Hello you two,

Please do this...

Download Rkill by Grinler to the desktop,
http://download.bleepingcomputer.com/grinler/rkill.com

Restart your PC in safe mode....


Right-click the downloaded rkill file, then choose "Run as administrator" to launch the tool.

Then try launching Malwarebytes again, run the scan.... delete what it finds and post the report :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Security Tool problem

Posted 24 Aug 2010 14:41

Hello,

Thanks for all this information. I did what you told me in safe mode, the virus is still there!!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

[code]
Version de la base de données: 4052

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

24/08/2010 15:35:27
mbam-log-2010-08-24 (15-35-27).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 260909
Temps écoulé: 39 minute(s), 43 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ujesocubuworu (Trojan.Agent.U) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Riou Sébastien\Documents\sketch up 5\InstallSketchUpW5.0.232ENA__________\InstallSketchUpW5.0.232ENA__________\ac-sk515.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\Downloads\A graver\Autodesk AutoCAD 2010- Keygens only (X-FORCE 32-64bits) [RH]\AAC2010_Keygen-32bits.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\Downloads\A graver\Autodesk AutoCAD 2010- Keygens only (X-FORCE 32-64bits) [RH]\AAC2010_Keygen-64bits.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\Downloads\A graver\Nero9426\Keymaker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Local\KBDcap.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
[/code]
clair_ette
Confirmed Visitor
Posts: 10
Joined: 23 Aug 2010 22:48
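
A log like the one in this post can be triaged mechanically. The following is an added example, not part of the original thread: it parses the per-section detection lines of the Malwarebytes' Anti-Malware log format shown above (the sample lines are excerpted from that log) and separates autostart and AppData artifacts from flagged files sitting in the user's own download folders. The function names and category labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict, namedtuple

# Excerpt of the Malwarebytes' Anti-Malware 1.46 log posted above (French locale).
SAMPLE_LOG = r"""
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ujesocubuworu (Trojan.Agent.U) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Riou Sébastien\Downloads\A graver\Autodesk AutoCAD 2010- Keygens only (X-FORCE 32-64bits) [RH]\AAC2010_Keygen-32bits.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\Downloads\A graver\Nero9426\Keymaker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Local\KBDcap.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
"""

Detection = namedtuple("Detection", "section item name status category")

# "<item> (<detection name>) -> <status>". The item itself may contain
# parentheses (see the AutoCAD path), so the greedy item group is anchored on
# the LAST parenthesised group that directly precedes " -> ".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<status>.+)$")


def classify(section, item):
    """Assign an illustrative triage category (labels are assumptions)."""
    low = item.lower()
    # Entries that relaunch something at logon matter most for persistence.
    if "\\currentversion\\run\\" in low or "\\start menu\\programs\\startup\\" in low:
        return "autostart"
    if section.startswith(("Clé", "Valeur", "Elément")):
        return "registry-trace"
    if "\\appdata\\" in low:
        return "appdata-artifact"
    if "\\downloads\\" in low or "\\documents\\" in low:
        return "user-file"
    return "other"


def parse_log(text):
    """Return the detections of a log, each tagged with its section heading."""
    detections, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(section, m["item"], m["name"],
                                        m["status"], classify(section, m["item"])))
        elif line.endswith(":"):
            # Section heading such as "Fichier(s) infecté(s):". The summary
            # counters ("Fichier(s) infecté(s): 7") end in a number and are skipped.
            section = line[:-1]
    return detections


def triage(detections):
    """Group detections by category."""
    groups = defaultdict(list)
    for d in detections:
        groups[d.category].append(d)
    return dict(groups)


def pending(detections):
    """Detections whose status is not a confirmed deletion."""
    return [d for d in detections if "deleted successfully" not in d.status]


if __name__ == "__main__":
    for category, items in sorted(triage(parse_log(SAMPLE_LOG)).items()):
        print(f"{category}: {len(items)}")
        for d in items:
            print(f"  {d.name:20} {d.item}")
```
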
 

Re: Security Tool problem

Posted 24 Aug 2010 16:49

Hi again,
the virus is still there!!


Oh, no kidding...? :o

Malwarebytes was just for the rough cleanup; it would be too easy if it did everything :wink:

Back up your important documents if you have any on this PC.


Then....

Do this in normal mode.... (forget safe mode)

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.

If OTL does not start, run Rkill.com again and retry launching OTL.

* When the OTL window appears, make sure that in the "Report" section (top right) the "minimal report" box is ticked.

* Tick the boxes in front of "All users", "LOP search" and "Purity search".

* Copy and paste the contents of this quote into the lower part of OTL, "customisation"


%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan two reports will open, "OTL.Txt" and (or) "Extras.Txt" (minimised in the taskbar).
* Copy and paste the reports into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the situation.
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Security Tool problem

Posted 25 Aug 2010 10:48

Impossible to open OTL, even when running Rkill beforehand; the virus blocks it.

Thanks again in advance
clair_ette
Confirmed Visitor
Posts: 10
Joined: 23 Aug 2010 22:48
 

Re: Security Tool problem

Posted 25 Aug 2010 15:00

RE,

and what if you try in safe mode...

you run RKill and right after that you launch OTL again...

does it work or not?
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Security Tool problem

Posted 25 Aug 2010 17:17

Yes, it works without any trouble in safe mode!!
clair_ette
Confirmed Visitor
Posts: 10
Joined: 23 Aug 2010 22:48
 

Re: Security Tool problem

Posted 25 Aug 2010 17:19

clair_ette wrote: Yes, it works without any trouble in safe mode!!


OK, run the scan and send the report; we won't see the whole active part of the infection, but we should be able to neutralise it :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Posted 25 Aug 2010 20:24

Code:
OTL Extras logfile created on: 25/08/2010 19:09:52 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Riou Sébastien\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 99,92 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RIOUSÉBASTIEN
Current User Name: Riou Sébastien
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Barre d'outils
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42c0e32e-6685-41f1-b962-61fb3c40ccc0}" = Nero 9 Trial
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TuneUpMedia" = TuneUp Companion 1.7.1
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = Logiciel d'archivage WinRAR
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
 
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
 
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
prévu.
 
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
prévu.
 
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
prévu.
 
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
prévu.
 
 
< End of report >
 
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TuneUpMedia" = TuneUp Companion 1.7.1
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = Logiciel d'archivage WinRAR
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
 
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
 
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
prévu.
 
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
prévu.
 
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
prévu.
 
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
prévu.
 
 
< End of report >
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
 
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
 
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
prévu.
 
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
prévu.
 
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
prévu.
 
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
prévu.
 
 
< End of report >
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Barre d'outils
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42c0e32e-6685-41f1-b962-61fb3c40ccc0}" = Nero 9 Trial
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TuneUpMedia" = TuneUp Companion 1.7.1
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = Logiciel d'archivage WinRAR
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
 
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
 
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
prévu.
 
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
prévu.
 
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
prévu.
 
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
prévu.
 
 
< End of report >
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Barre d'outils
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42c0e32e-6685-41f1-b962-61fb3c40ccc0}" = Nero 9 Trial
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TuneUpMedia" = TuneUp Companion 1.7.1
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = Logiciel d'archivage WinRAR
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
 
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
 
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
prévu.
 
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
prévu.
 
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
prévu.
 
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
prévu.
 
 
< End of report >
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Barre d'outils
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42c0e32e-6685-41f1-b962-61fb3c40ccc0}" = Nero 9 Trial
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TuneUpMedia" = TuneUp Companion 1.7.1
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = Logiciel d'archivage WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
 
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
 
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
 
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
 
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
 
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
prévu.
 
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
prévu.
 
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
prévu.
 
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
prévu.
 
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
 
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
prévu.
 
 
< End of report >


OTL logfile created on: 25/08/2010 19:09:52 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Riou Sébastien\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 99,92 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RIOUSÉBASTIEN
Current User Name: Riou Sébastien
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal


Thanks in advance.

EDIT Skynet: error in the [code] tags, it's fixed ;).
clair_ette
Confirmed Visitor
 
Posts: 10
Joined: 23 Aug 2010 22:48
 

Re: Security Tool problem

Posted on 25 Aug 2010 20:56

Whoa!! There's a lot of work in there :o

Work well and good luck, Jeanmimi :D
Del-crosseur
Expert
 
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)
 

Re: Security Tool problem

Posted on 25 Aug 2010 21:24

Arrrgh!! Darn it. While trying to "compact" your report ...
...Shame on me, I wiped it out... :oops: Sorry!!

Edit AtOM: Well no, it was the Cyborg that was processing it...

Saved!! Thanks Skynet!!
Ask to Old Man
Moderator
 
Posts: 19970
Joined: 14 Mar 2004 10:06
Location: Argenteuil, Val d'Oise
 

Re: Security Tool problem

Posted on 25 Aug 2010 21:28

hello,

the extrat.txt report is OK, it is complete

however, the OTL.txt report is not complete, there is only the header, can you re-post it for me please.... :wink:

@++
jeanmimigab
PC-Infopraticien
 
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Posted on 25 Aug 2010 21:37

You're welcome AtOM ;), and here is another report that was too long to go through:

OTL logfile created on: 25/08/2010 19:09:52 - Run 1
    OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Riou Sébastien\Desktop
    64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149,05 Gb Total Space | 99,92 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RIOUSÉBASTIEN
    Current User Name: Riou Sébastien
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 7 Days
    Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100723W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
 
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/22 18:16:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/08 12:39:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/22 18:16:37 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/22 18:16:37 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/22 18:16:37 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/07/23 20:16:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/07/23 20:16:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
[2010/04/26 14:17:59 | 000,000,811 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
 
[2010/08/25 19:02:52 | 001,291,340 | -H-- | C] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/12/28 19:14:55 | 000,141,248 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/14 06:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:03:10 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
< End of report >
 
PRC - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
 
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
 
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2010/08/25 19:24:31 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >


And one last one that I'm preparing!
Skynet
Moderator

Posts: 14807
Joined: 19 Jul 2007 21:12
 

Posted on 25 Aug 2010 21:44

Unable to edit, so I have to post this last one as a follow-up. I understand why clair_ette had trouble.

Code:
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
 
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
[2010/08/25 19:39:50 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysWow64\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysWow64\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysWow64\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >
[2010/08/25 19:45:51 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:45:50 | 000,262,144 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat.LOG1
[2010/08/25 19:17:34 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Desktop
[2010/08/25 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Temp
[2010/08/25 19:04:52 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Downloads
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 19:00:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/25 18:58:22 | 000,033,570 | ---- | M] () -- C:\ProgramData\lxedscan.log
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:54:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 23:39:54 | 000,000,000 | ---D | M] -- C:\ProgramData\3ef1bc1
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/23 14:11:24 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Videos
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2010/08/20 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\VirtualStore
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:53:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:53:02 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:53:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/08/19 12:52:43 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Documents
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/19 12:51:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
[2010/08/19 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:48:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2010/08/16 17:59:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/09 08:09:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Diagnostics
[2010/08/09 08:09:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Microsoft
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Searches
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Saved Games
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Pictures
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Music
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Links
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Favorites
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Contacts
[2010/07/28 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Zylom Games
[2010/07/07 16:14:10 | 000,028,130 | ---- | M] () -- C:\ProgramData\lxedJSW.log
[2010/06/30 23:09:40 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/04/23 16:24:21 | 000,141,248 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/05 12:28:38 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | M] () -- C:\ProgramData\lxed.log
[2010/04/05 12:01:34 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | M] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2010/08/25 19:46:11 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysWow64\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysWow64\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysWow64\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >
[2010/08/25 19:52:07 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:52:07 | 000,262,144 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat.LOG1
[2010/08/25 19:17:34 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Desktop
[2010/08/25 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Temp
[2010/08/25 19:04:52 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Downloads
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 19:00:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/25 18:58:22 | 000,033,570 | ---- | M] () -- C:\ProgramData\lxedscan.log
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:54:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 23:39:54 | 000,000,000 | ---D | M] -- C:\ProgramData\3ef1bc1
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/23 14:11:24 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Videos
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2010/08/20 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\VirtualStore
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:53:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TuneUpMedia

[2010/08/19 12:53:02 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:53:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/08/19 12:52:43 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Documents
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/19 12:51:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
[2010/08/19 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:48:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2010/08/16 17:59:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/09 08:09:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Diagnostics
[2010/08/09 08:09:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Microsoft
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Searches
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Saved Games
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Pictures
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Music
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Links
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Favorites
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Contacts
[2010/07/28 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Zylom Games
[2010/07/07 16:14:10 | 000,028,130 | ---- | M] () -- C:\ProgramData\lxedJSW.log
[2010/06/30 23:09:40 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/04/23 16:24:21 | 000,141,248 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/05 12:28:38 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | M] () -- C:\ProgramData\lxed.log
[2010/04/05 12:01:34 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | M] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2010/08/25 19:52:29 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:[b]64bit:[/b] - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


Report split, continued
Code:
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
 
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
 
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2010/08/25 19:59:00 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys


Report split, continued:
Code:
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysWow64\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysWow64\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysWow64\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:[b]64bit:[/b] - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
 
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
 
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2010/08/25 20:37:13 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]


Report split, continued:
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:[b]64bit:[/b] - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
 
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
 
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
 
[2010/08/25 20:43:58 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========


< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >
 
 
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles  >

< End of report >
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:64bit: - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
 
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
========== Files - Modified Within 7 Days ==========
 
[2010/08/25 20:50:40 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\rkill.com
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysWow64\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysWow64\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysWow64\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report>
Skynet
Moderator