Monday 31 March 2025
Security Tool problem [Solved]


Posted 23 Aug 2010 23:02


I would like to know whether it is possible to remove this wretched virus. I think I caught it on allostreaming, for movies, because it appeared at that moment!!! Well, I don't know, but I have been through the forums reading the guides for removing this virus and I can't manage it, it never works!

So my operating system is Windows 7.

First I tried to delete the files in Application Data and Desktop, but it's not possible.

Then I downloaded the two programs RSIT.exe and Malwarebytes', but the fact is that the virus is well installed and therefore blocks these programs from launching.

So I tried the safe mode / msconfig method, and there I cannot find that line with those numbers that I am supposed to uncheck.

So, I am at a complete dead end and I can't find any more solutions in the forums; on top of that, the "security analysis" page now shows up in Google and I can't do the update.

I am completely lost and would be grateful if you could help me.

Thanks in advance

Re: Security Tool problem

Posted 23 Aug 2010 23:29

hi, while waiting for the disinfection pros, download HijackThis and run it.
post the generated report for us.
Re: Security Tool problem

Posted 24 Aug 2010 07:17

hello you two,

Do this please...

Download Rkill by Grinler to the desktop,

Restart your PC in safe mode....

Right-click the downloaded rkill file, then choose "Run as administrator" to launch the tool.

then try again to launch Malwarebytes, run the scan.... delete what it finds and post the report :wink:
Re: Security Tool problem

Posted 24 Aug 2010 14:41


Thanks for all this information. I did what you told me in safe mode, the virus is still there!!

Malwarebytes' Anti-Malware 1.46

Version de la base de données: 4052

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

24/08/2010 15:35:27
mbam-log-2010-08-24 (15-35-27).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 260909
Temps écoulé: 39 minute(s), 43 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ujesocubuworu (Trojan.Agent.U) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Riou Sébastien\Documents\sketch up 5\InstallSketchUpW5.0.232ENA__________\InstallSketchUpW5.0.232ENA__________\ac-sk515.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\Downloads\A graver\Autodesk AutoCAD 2010- Keygens only (X-FORCE 32-64bits) [RH]\AAC2010_Keygen-32bits.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\Downloads\A graver\Autodesk AutoCAD 2010- Keygens only (X-FORCE 32-64bits) [RH]\AAC2010_Keygen-64bits.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\Downloads\A graver\Nero9426\Keymaker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Riou Sébastien\AppData\Local\KBDcap.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
Re: Security Tool problem

Posted 24 Aug 2010 16:49

the virus is still there!!

oh, no kidding...? :o

Malwarebytes was only to clear out the bulk of it, it would be too easy if it did everything :wink:

Make a backup of your important documents if you have any on this PC.


do this in normal mode.... (we forget about safe mode)

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it

If OTL does not start, relaunch and try starting OTL again

* When the OTL window appears, make sure that in the "Report" section (top right) the "minimal report" box is checked.

* Check the boxes in front of "All users", "LOP search" and "Purity search".

* Copy and paste the content of this quote into the lower part of OTL, "customization"

%systemroot%\system32\drivers\*.sys /lockedfiles
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan two reports will open, "OTL.Txt" and (or) "Extras.Txt" (minimized in the taskbar).
* Copy and paste the reports into your reply please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
Re: Security Tool problem

Posted 25 Aug 2010 10:48

Impossible to open OTL; even when running Rkill beforehand, the virus blocks it.

Thanks again in advance
Re: Security Tool problem

Posted 25 Aug 2010 15:00


and what if you try in safe mode...

you run RKill and right after that you launch OTL again...

does it work or not?
Re: Security Tool problem

Posted 25 Aug 2010 17:17

Yes, it works without any problem in safe mode!!
Re: Security Tool problem

Posted 25 Aug 2010 17:19

clair_ette wrote: Yes, it works without any problem in safe mode!!

ok, run the scan and send the report; we won't see the whole active part of the infection, but we should be able to neutralize it :wink:
Posted 25 Aug 2010 20:24

Code:
OTL Extras logfile created on: 25/08/2010 19:09:52 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\Riou Sébastien\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 99,92 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Current User Name: Riou Sébastien
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Barre d'outils
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42c0e32e-6685-41f1-b962-61fb3c40ccc0}" = Nero 9 Trial
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"avast5" = avast! Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TuneUpMedia" = TuneUp Companion 1.7.1
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = Logiciel d'archivage WinRAR
========== HKEY_USERS Uninstall List ==========
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
< End of report >
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
Error - 25/08/2010 06:43:45 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18283
Error - 25/08/2010 06:43:49 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18283
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24149
Error - 25/08/2010 06:43:55 | Computer Name = RiouSébastien | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24149
Error - 25/08/2010 12:37:40 | Computer Name = RiouSébastien | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ».  Details: Could not query the status of the EventSystem
 service.  System Error: Un arrêt système est en cours.  .
[ OSession Events ]
Error - 31/03/2010 17:47:43 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104
 seconds with 0 seconds of active time.  This session ended with a crash.
Error - 14/04/2010 10:51:33 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10873
 seconds with 960 seconds of active time.  This session ended with a crash.
Error - 29/04/2010 13:19:24 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3312
 seconds with 120 seconds of active time.  This session ended with a crash.
Error - 06/05/2010 08:00:01 | Computer Name = RiouSébastien | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4710
 seconds with 0 seconds of active time.  This session ended with a crash.
[ System Events ]
Error - 25/05/2010 14:12:27 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:23:42 le ?25/?05/?2010 n’était pas
Error - 28/05/2010 05:28:56 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 22:49:06 le ?27/?05/?2010 n’était pas
Error - 28/05/2010 11:50:28 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 29/05/2010 04:06:50 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:32:49 le ?28/?05/?2010 n’était pas
Error - 31/05/2010 07:12:44 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:03:42 le ?31/?05/?2010 n’était pas
Error - 01/06/2010 08:02:39 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 02/06/2010 14:33:58 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 03/06/2010 11:12:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:57:16 le ?03/?06/?2010 n’était pas
Error - 04/06/2010 07:42:21 | Computer Name = RiouSébastien | Source = Microsoft-Windows-HAL | ID = 12
Description = Le microprogramme de la plateforme a endommagé la mémoire lors de
la précédente transition d’alimentation du système. Recherchez un microprogramme
 plus récent à utiliser pour votre système.
Error - 07/06/2010 04:25:01 | Computer Name = RiouSébastien | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 17:01:20 le ?05/?06/?2010 n’était pas
< End of report >
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Barre d'outils
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42c0e32e-6685-41f1-b962-61fb3c40ccc0}" = Nero 9 Trial
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
Code:
OTL logfile created on: 25/08/2010 19:09:52 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\Riou Sébastien\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 99,92 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Current User Name: Riou Sébastien
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal

Thanks in advance.

EDIT Skynet: error in the [code] tags, it's fixed ;).
Confirmed Visitor
Posts: 10
Joined: 23 Aug 2010 22:48

Re: Security Tool problem

Posted on 25 Aug 2010 20:56

Whoa!! There's a lot of work in there :o

Good work and good luck, Jeanmimi :D
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)

Re: Security Tool problem

Posted on 25 Aug 2010 21:24

Arrrgh!! Darn it. While trying to "compact" your report ...
...shame on me, I wiped it... :oops: Sorry!!

Edit AtOM: Well, no, it was the Cyborg who was in the middle of processing it...

Saved!! Thanks, Skynet!!
Ask to Old Man
Posts: 19970
Joined: 14 Mar 2004 10:06
Location: Argenteuil, Val d'Oise

Re: Security Tool problem

Posted on 25 Aug 2010 21:28


As for the Extras.txt report, it's OK, it is complete.

However, the OTL.txt report is not complete, there is only the header. Can you re-post it for me, please.... :wink:

Posts: 2986
Joined: 29 Nov 2009 12:05

Posted on 25 Aug 2010 21:37

You're welcome, AtOM ;), and here is another report that was too long and wouldn't go through:

Code:
OTL logfile created on: 25/08/2010 19:09:52 - Run 1
    OTL by OldTimer - Version     Folder = C:\Users\Riou Sébastien\Desktop
    64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149,05 Gb Total Space | 99,92 Gb Free Space | 67,04% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RIOUSÉBASTIEN
    Current User Name: Riou Sébastien
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 7 Days
    Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\\GdiPlus.dll (Microsoft Corporation)
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
[color=#E56717]========== Standard Registry (All) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - "Yahoo"
FF - "Google Powered Search"
FF - "{searchTerms}"
FF - "chr-greentree_ff&type=302398"
FF - "Yahoo"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100723W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.11
FF - prefs.js..keyword.URL: ""
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/22 18:16:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/08 12:39:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/22 18:16:37 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/22 18:16:37 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/22 18:16:37 | 000,064,984 | ---- | M] ( -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/07/23 20:16:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/07/23 20:16:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/07/23 20:16:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
[2010/04/26 14:17:59 | 000,000,811 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2010/08/25 19:02:52 | 001,291,340 | -H-- | C] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/12/28 19:14:55 | 000,141,248 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/14 06:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:03:10 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %ALLUSERSPROFILE%\Application Data\*. >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles  >

< End of report >
PRC - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
========== Modules (SafeList) ==========
MOD - C:\Users\Riou Sébastien\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\\GdiPlus.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - "Yahoo"
FF - "Google Powered Search"
FF - "{searchTerms}"
FF - "chr-greentree_ff&type=302398"
FF - "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:
FF - prefs.js..keyword.URL: ""
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
[2010/08/25 19:24:31 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysWow64\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\\tdpipe.sys
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\\tdtcp.sys
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysWow64\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysWow64\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >

And one last one that I'm preparing!

Posted on 25 Aug 2010 21:44

[2010/08/25 19:52:07 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:52:07 | 000,262,144 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat.LOG1
[2010/08/25 19:17:34 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Desktop
[2010/08/25 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Temp
[2010/08/25 19:04:52 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Downloads
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 19:00:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/25 18:58:22 | 000,033,570 | ---- | M] () -- C:\ProgramData\lxedscan.log
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:54:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 23:39:54 | 000,000,000 | ---D | M] -- C:\ProgramData\3ef1bc1
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/23 14:11:24 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Videos
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2010/08/20 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\VirtualStore
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:53:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TuneUpMedia

[2010/08/19 12:53:02 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:53:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/08/19 12:52:43 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Documents
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/19 12:51:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
[2010/08/19 12:51:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:48:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2010/08/16 17:59:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/09 08:09:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Diagnostics
[2010/08/09 08:09:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Microsoft
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Searches
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Saved Games
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Pictures
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Music
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Links
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Favorites
[2010/08/07 18:11:51 | 000,000,000 | R--D | M] -- C:\Users\Riou Sébastien\Contacts
[2010/07/28 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Local\Zylom Games
[2010/07/07 16:14:10 | 000,028,130 | ---- | M] () -- C:\ProgramData\lxedJSW.log
[2010/06/30 23:09:40 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/04/23 16:24:21 | 000,141,248 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/05 12:28:38 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | M] () -- C:\ProgramData\lxed.log
[2010/04/05 12:01:34 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | M] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]
[2010/08/25 19:52:29 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
[color=#E56717]========== LOP Check ==========[/color]
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >
SRV:[b]64bit:[/b] - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:[b]64bit:[/b] - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:[b]64bit:[/b] - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

Report split, continued
[color=#E56717]========== FireFox ==========[/color]
FF - "Yahoo"
FF - "Google Powered Search"
FF - "{searchTerms}"
FF - "chr-greentree_ff&type=302398"
FF - "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:
FF - prefs.js..keyword.URL: ""
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010/08/25 19:59:00 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles  >

< End of report >
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:64bit: - (lxedCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxedserv.exe ()
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (lxed_device) -- C:\Windows\SysWow64\lxedcoms.exe ( )
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E AA C4 DE F3 87 CA 01  [binary data]
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - "Yahoo"
FF - "Google Powered Search"
FF - "{searchTerms}"
FF - "chr-greentree_ff&type=302398"
FF - "Yahoo"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:
FF - prefs.js..keyword.URL: ""
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/23 20:16:45 | 000,000,000 | ---D | M]
[2010/01/03 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Extensions
[2010/08/23 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions
[2010/08/03 14:11:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/19 12:51:10 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/22 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\mozilla\Firefox\Profiles\xbzwzwe7.default\extensions\radiobar@toolbar
[2010/08/19 12:54:16 | 000,000,911 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla\FireFox\Profiles\xbzwzwe7.default\searchplugins\conduit.xml
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/30 23:03:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 08:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/12 17:59:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/07 19:33:01 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 19:33:01 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 19:33:01 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 19:33:01 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 19:33:01 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000\..\Toolbar\WebBrowser: (Lexmark Barre d'outils) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [Metropolis] C:\Users\RIOUSB~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\Run: [XBV6RD5SZF] C:\Users\Riou Sébastien\AppData\Local\Temp\Ul1.exe (ApexDC++ Development Team)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1527295717-3595565964-2728690213-1000..\RunOnce: [43278680] C:\Users\Riou Sébastien\AppData\Local\43278680.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ea19335-078e-11df-b2f0-001a6b7622c5}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2010/08/25 11:33:10 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/25 11:15:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/24 15:37:19 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/24 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2010/08/24 14:54:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 14:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 14:27:36 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\3ef1bc1
[2010/08/23 23:38:12 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 23:10:15 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 22:54:16 | 000,194,560 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2010/08/19 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/19 12:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2010/08/19 12:52:43 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\Documents\Vuze Downloads
[2010/08/19 12:51:49 | 000,000,000 | ---D | C] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2010/08/19 12:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/08/19 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[2010/04/05 12:06:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedinpa.dll
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxediesc.dll
[2010/04/05 12:06:37 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedserv.dll
[2010/04/05 12:06:37 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedusb1.dll
[2010/04/05 12:06:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomc.dll
[2010/04/05 12:06:37 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedhbn3.dll
[2010/04/05 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedpmui.dll
[2010/04/05 12:06:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedlmpm.dll
[2010/04/05 12:06:37 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxedcomm.dll
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]
========== Files - Modified Within 7 Days ==========
[2010/08/25 20:37:13 | 003,932,160 | -HS- | M] () -- C:\Users\Riou Sébastien\ntuser.dat
[2010/08/25 19:04:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 19:03:47 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:02:52 | 001,291,340 | -H-- | M] () -- C:\Users\Riou Sébastien\AppData\Local\IconCache.db
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:58:20 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 18:58:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/25 18:14:07 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 11:33:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Riou Sébastien\Desktop\OTL.exe
[2010/08/24 14:54:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:05 | 000,363,520 | ---- | M] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaf.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzae.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzad.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzac.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzab.exe
[2010/08/23 18:48:18 | 000,194,560 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Umuzaa.exe
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Users\Riou Sébastien\Desktop\*.tmp files -> C:\Users\Riou Sébastien\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010/08/24 14:54:17 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 14:32:03 | 000,363,520 | ---- | C] () -- C:\Users\Riou Sébastien\Desktop\
[2010/08/23 18:49:42 | 001,084,416 | ---- | C] () -- C:\Users\Riou Sébastien\AppData\Local\43278680.exe
[2010/08/23 18:48:29 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/23 18:48:22 | 000,000,216 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Riou Sébastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/19 12:51:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/06/30 23:09:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 12:28:59 | 000,028,130 | ---- | C] () -- C:\ProgramData\lxedJSW.log
[2010/04/05 12:28:38 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/05 12:20:00 | 000,000,077 | ---- | C] () -- C:\ProgramData\lxed.log
[2010/04/05 12:08:12 | 000,033,570 | ---- | C] () -- C:\ProgramData\lxedscan.log
[2010/04/05 12:06:38 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxedcomx.dll
[2010/04/05 12:06:38 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\LXEDinst.dll
[2010/04/05 12:06:38 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxedinsr.dll
[2010/04/05 12:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxedjswr.dll
[2010/04/05 12:06:38 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxedcur.dll
[2010/04/05 12:06:37 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxedins.dll
[2010/04/05 12:06:37 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxedinsb.dll
[2010/04/05 12:06:37 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxedcu.dll
[2010/04/05 12:06:37 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxedcub.dll
[2010/04/05 12:01:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/05 12:01:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/05 12:01:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/05 12:01:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEDsmr.dll
[2010/04/05 12:01:03 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEDsm.dll
[2009/12/27 18:03:45 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2009/12/27 18:03:45 | 001,101,824 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/07/05 12:13:54 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/25 19:01:08 | 000,000,322 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/25 18:42:04 | 000,000,216 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/05/26 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Adobe
[2010/02/23 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Apple Computer
[2010/01/14 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\ArchiFacile
[2010/02/01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Autodesk
[2010/08/19 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus
[2010/08/19 12:48:45 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\BitTorrent
[2009/12/28 19:48:31 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\DAEMON Tools Lite
[2010/08/19 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\dvdcss
[2010/01/12 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit
[2010/05/25 10:24:53 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Foxit Software
[2010/01/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Google
[2010/07/08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Identities
[2010/01/03 16:18:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Macromedia
[2010/08/24 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Media Center Programs
[2010/04/28 15:23:33 | 000,000,000 | --SD | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Microsoft
[2010/08/20 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Mozilla
[2009/12/28 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Nero
[2010/05/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\PDF Software
[2010/01/11 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Peace Craft
[2010/08/15 20:15:10 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\Skype
[2010/08/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\skypePM
[2010/08/20 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\TuneUpMedia
[2010/08/20 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\vlc
[2010/01/01 13:10:28 | 000,000,000 | ---D | M] -- C:\Users\Riou Sébastien\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010/08/19 13:07:44 | 004,177,856 | ---- | M] () -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2010/08/19 12:52:21 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Riou Sébastien\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
< MD5 for: CDROM.SYS  >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: DISK.SYS  >
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NDIS.SYS  >
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: RASACD.SYS  >
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
< MD5 for: RDPWD.SYS  >
[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SFLOPPY.SYS  >
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysWow64\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
< MD5 for: TCPIP.SYS  >
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: TDPIPE.SYS  >
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\\tdpipe.sys
< MD5 for: TDTCP.SYS  >
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\\tdtcp.sys
< MD5 for: USBPRINT.SYS  >
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysWow64\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
< MD5 for: USBSCAN.SYS  >
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysWow64\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles  >

< End of report >
