Virus msn messenger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:04, on 17/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\fxstaller.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] on&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5e0cd8dd] rundll32.exe "C:\Windows\system32\caxnfyrd.dll",b
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe

--
End of file - 10549 bytes

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1771
Windows 6.0.6001 Service Pack 1

17/02/2009 20:51:08
mbam-log-2009-02-17 (20-51-08).txt

Type de recherche: Examen rapide
Eléments examinés: 61033
Temps écoulé: 2 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 19

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\caxnfyrd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\mlJCRLEt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\rqrpqnKe.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nnNGXrRh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ddCRjIYo.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b038c32-2431-4551-abf3-f145da027443} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3b038c32-2431-4551-abf3-f145da027443} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b038c32-2431-4551-abf3-f145da027443} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5e0cd8dd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljcrlet -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljcrlet -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\mlJCRLEt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\tELRCJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\tELRCJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\caxnfyrd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\dryfnxac.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rqrpqnKe.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nnNGXrRh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ddCRjIYo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\qoMGywuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\i.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Damien\AppData\Local\Temp\tmp00009858 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Damien\AppData\Local\Temp\tmp000288dd (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\senekapnceirvd.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\senekaqtctodhd.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\senekarueqdiob.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\senekasuxxupnd.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\senekawagsrppq.sys (Trojan.Agent) -> Quarantined and deleted successfully.

---------------------------
Malwarebytes' Anti-Malware
---------------------------
Impossible de supprimer certains éléments! Les premiers sont affichés ci-dessous. Tous les éléments qui n'ont pas pu être supprimés ont été ajoutés à la liste des 'suppressions au redémarrage'. Veuillez faire redémarrer votre ordinateur maintenant. Un fichier rapport a été sauvegardé dans le dossier Logs.



C:\Windows\System32\mlJCRLEt.dll

C:\Windows\System32\caxnfyrd.dll

C:\Windows\System32\rqrpqnKe.dll

C:\Windows\System32\nnNGXrRh.dll

C:\Windows\System32\ddCRjIYo.dll



Votre ordinateur doit redémarrer pour que le processus de suppression se termine. Voulez-vous continuer?
---------------------------
Oui Non
---------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Damien at 2009-02-17 21:05:24
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 219 GB (74%) free of 296 GB
Total RAM: 3068 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:25, on 17/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Users\Damien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3VY9XIK\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Damien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] on&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe

--
End of file - 11090 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Daily).job
C:\Windows\tasks\fhrqsouf.job
C:\Windows\tasks\kgbdqkiy.job
C:\Windows\tasks\User_Feed_Synchronization-{C160F834-BD81-4003-89DE-BE0DB175FF50}.job
C:\Windows\tasks\xenmzlqd.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFre1.dll [2009-02-15 1881624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFre1.dll [2009-02-15 1881624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center"=fxstaller.exe []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-15 442433]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-23 468264]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-23 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-23 13539872]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-02-10 509784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-01 554288]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-21 2153472]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-04-04 81920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Users\Damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2803b539-af53-11dd-bdb5-001e68feca87}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe m.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4626ac9b-faa2-11dd-8e03-001e68feca87}]
shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac0e9872-d0ce-11dd-87e4-001e68feca87}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe m.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c157557e-eabc-11dd-aec1-001e68feca87}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe m.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f798fda9-eee9-11dd-815a-001e68feca87}]
shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f798fdc9-eee9-11dd-815a-001e68feca87}]
shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd05c308-adce-11dd-8a07-001e68feca87}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe m.vbs


======List of files/folders created in the last 1 months======

2009-02-17 21:05:24 ----D---- C:\rsit
2009-02-17 20:47:26 ----D---- C:\Users\Damien\AppData\Roaming\Malwarebytes
2009-02-17 20:47:19 ----D---- C:\ProgramData\Malwarebytes
2009-02-17 20:47:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-17 19:41:53 ----D---- C:\Windows\report
2009-02-17 19:41:41 ----D---- C:\Windows\AU_Backup
2009-02-17 19:41:41 ----A---- C:\Windows\tsc.ini
2009-02-17 19:41:41 ----A---- C:\Windows\tsc.exe
2009-02-17 19:41:41 ----A---- C:\Windows\hcextoutput.dll
2009-02-17 19:41:40 ----A---- C:\Windows\vsapi32.dll
2009-02-17 19:41:40 ----A---- C:\Windows\BPMNT.dll
2009-02-17 19:41:11 ----A---- C:\Windows\GetServer.ini
2009-02-17 19:41:10 ----D---- C:\Windows\AU_Temp
2009-02-17 19:41:10 ----D---- C:\Windows\AU_Log
2009-02-17 19:41:09 ----A---- C:\xscan.txt
2009-02-17 19:41:07 ----A---- C:\Windows\TMUPDATE.DLL
2009-02-17 19:41:06 ----A---- C:\Windows\UNZIP.DLL
2009-02-17 19:41:06 ----A---- C:\Windows\PATCH.EXE
2009-02-17 19:17:47 ----A---- C:\rnnuning.exe
2009-02-17 19:11:33 ----A---- C:\smdi3.exe
2009-02-17 17:59:49 ----A---- C:\Windows\system32\552f1ca3-.txt
2009-02-17 17:13:06 ----D---- C:\Program Files\Trend Micro
2009-02-17 15:30:49 ----D---- C:\Windows\pss
2009-02-17 14:57:31 ----A---- C:\dok.exe
2009-02-16 18:37:01 ----D---- C:\Users\Damien\AppData\Roaming\SharePod
2009-02-16 18:20:53 ----D---- C:\Users\Damien\AppData\Roaming\cucusoft
2009-02-16 18:20:53 ----A---- C:\Users\Damien\AppData\Roaming\smartpathdb.ini
2009-02-16 18:20:51 ----A---- C:\iPod2PC_log.txt
2009-02-14 22:16:19 ----D---- C:\Program Files\Conduit
2009-02-14 22:15:40 ----D---- C:\Program Files\Freecorder
2009-02-14 22:15:23 ----D---- C:\Windows\Freecorder Toolbar
2009-02-14 22:15:23 ----D---- C:\Program Files\Freecorder Toolbar
2009-02-14 15:43:11 ----D---- C:\temp
2009-02-14 15:27:19 ----D---- C:\Program Files\THQ
2009-02-14 15:27:18 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-02-14 15:27:18 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-02-14 15:27:18 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-02-14 15:27:17 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-02-14 15:27:17 ----A---- C:\Windows\system32\x3daudio1_2.dll
2009-02-14 15:27:17 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-02-14 15:27:17 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-02-14 15:27:16 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-02-14 15:27:15 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-02-14 15:27:14 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-02-14 15:27:14 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-02-14 15:27:14 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-02-14 15:27:13 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-02-14 15:27:13 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-02-14 15:27:12 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-02-14 15:27:12 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-02-14 15:27:12 ----A---- C:\Windows\system32\d3dx10.dll
2009-02-14 15:23:21 ----D---- C:\Users\Damien\AppData\Roaming\InstallShield
2009-02-14 15:19:53 ----D---- C:\Program Files\DAEMON Tools Lite
2009-02-14 15:15:24 ----D---- C:\Users\Damien\AppData\Roaming\DAEMON Tools
2009-02-14 15:02:59 ----D---- C:\Users\Damien\AppData\Roaming\CyberLink
2009-02-14 14:59:28 ----D---- C:\Program Files\Alcohol Soft
2009-02-12 11:31:26 ----D---- C:\Program Files\uTorrent
2009-02-12 11:31:18 ----D---- C:\Users\Damien\AppData\Roaming\uTorrent
2009-02-11 14:45:34 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 14:45:34 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 14:45:33 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 14:45:33 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 14:45:33 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 14:45:32 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 14:45:32 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 14:45:31 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-10 19:39:36 ----A---- C:\Windows\system32\lsdelete.exe
2009-02-10 19:33:16 ----HDC---- C:\ProgramData\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-10 19:33:04 ----D---- C:\ProgramData\Lavasoft
2009-02-10 19:33:04 ----D---- C:\Program Files\Lavasoft
2009-02-10 13:45:20 ----A---- C:\Windows\cdplayer.ini
2009-02-10 13:30:11 ----D---- C:\Users\Damien\AppData\Roaming\Winamp
2009-02-10 13:30:11 ----D---- C:\Program Files\Winamp
2009-02-10 13:23:30 ----D---- C:\audiograbber
2009-02-09 19:29:54 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-09 19:26:45 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-02-09 18:47:43 ----D---- C:\ProgramData\Adobe Systems
2009-02-09 18:34:25 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-02-08 19:49:42 ----D---- C:\Users\Damien\AppData\Roaming\Macrovision
2009-01-30 17:24:50 ----ASH---- C:\Users\Damien\AppData\Roaming\desktop.ini
2009-01-30 17:24:29 ----D---- C:\ProgramData\Macrovision
2009-01-30 17:24:29 ----D---- C:\Program Files\Vodafone

======List of files/folders modified in the last 1 months======

2009-02-17 21:05:24 ----D---- C:\Windows\Temp
2009-02-17 21:00:20 ----D---- C:\Program Files
2009-02-17 20:59:35 ----D---- C:\Windows\system32\drivers
2009-02-17 20:59:35 ----D---- C:\Windows\System32
2009-02-17 20:51:08 ----D---- C:\Windows
2009-02-17 20:47:19 ----HD---- C:\ProgramData
2009-02-17 19:41:53 ----D---- C:\Windows\Debug
2009-02-17 19:41:09 ----SD---- C:\Windows\Downloaded Program Files
2009-02-17 17:59:46 ----SHD---- C:\System Volume Information
2009-02-17 17:55:46 ----D---- C:\Windows\Prefetch
2009-02-17 17:50:30 ----D---- C:\Windows\Tasks
2009-02-17 17:50:30 ----D---- C:\Windows\system32\Tasks
2009-02-17 17:37:20 ----D---- C:\Windows\system32\LogFiles
2009-02-17 17:25:17 ----D---- C:\Program Files\Mozilla Firefox
2009-02-17 15:21:07 ----SD---- C:\Users\Damien\AppData\Roaming\Microsoft
2009-02-17 13:21:44 ----D---- C:\Windows\system32\WDI
2009-02-16 17:52:12 ----D---- C:\Windows\inf
2009-02-16 17:52:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-16 15:28:02 ----D---- C:\Windows\system32\catroot2
2009-02-16 12:20:37 ----D---- C:\Windows\system32\catroot
2009-02-16 12:20:25 ----D---- C:\Windows\winsxs
2009-02-14 19:52:15 ----D---- C:\Windows\Microsoft.NET
2009-02-14 19:52:14 ----RSD---- C:\Windows\assembly
2009-02-14 15:42:44 ----D---- C:\ProgramData\Media Center Programs
2009-02-14 15:42:30 ----SHD---- C:\Windows\Installer
2009-02-14 15:25:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-12 12:36:09 ----D---- C:\ProgramData\Microsoft Help
2009-02-12 12:21:25 ----D---- C:\Program Files\Windows Mail
2009-02-12 12:16:18 ----A---- C:\Windows\win.ini
2009-02-12 11:32:48 ----SD---- C:\ProgramData\Microsoft
2009-02-10 19:36:29 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-09 19:56:15 ----D---- C:\Users\Damien\AppData\Roaming\Adobe
2009-02-09 19:30:06 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-09 19:30:04 ----D---- C:\Program Files\MSBuild
2009-02-09 19:29:36 ----D---- C:\Windows\ShellNew
2009-02-09 19:29:09 ----D---- C:\Program Files\Microsoft Office
2009-02-09 19:29:07 ----RSD---- C:\Windows\Fonts
2009-02-09 19:26:33 ----D---- C:\Program Files\Common Files\System
2009-02-09 18:38:38 ----D---- C:\Program Files\Adobe
2009-02-09 18:35:37 ----D---- C:\Program Files\Common Files\Adobe
2009-02-09 18:34:25 ----D---- C:\Program Files\Common Files
2009-02-09 18:29:28 ----D---- C:\ProgramData\Adobe
2009-02-09 14:43:36 ----D---- C:\Program Files\EFT
2009-01-30 17:39:10 ----D---- C:\Windows\ModemLogs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-23 7494976]
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclock.sys [2007-04-04 6912]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-04-15 378368]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 seneka;seneka; C:\Windows\system32\drivers\senekawagsrppq.sys []
S3 a3m9entp;a3m9entp; C:\Windows\system32\drivers\a3m9entp.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-11-05 101504]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 vaxscsi;vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [2009-02-14 223128]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BBDemon;Backbone Service; C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\CATSysDemon.exe [2003-03-22 49214]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-10 950096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-04-04 126976]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-23 196608]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-04-23 292232]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-04-23 112008]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe [2008-04-15 221239]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-02-09 72704]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-17 21:05:26

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->"C:\ProgramData\{2BAE6915-8510-4B9F-B498-02DA86258AA0}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{2BAE6915-8510-4B9F-B498-02DA86258AA0}\Ad-AwareAE.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Dassault Systemes Software B11-->"C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\Uninstall.exe" "C:\Program Files\Dassault Systemes\B11" "CODE" "IS" "C:\WINDOWS\ISUN040C.EXE" "C:\Program Files\Dassault Systemes\B11\intel_a\Uninst.isu" "B11" "0"
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
EVEMon-->C:\Program Files\EVEMon\uninstall.exe
EVE-ONLINE (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
Freecorder Toolbar-->C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.40 D1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 D2-->MsiExec.exe /I{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0102-->MsiExec.exe /I{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}
HP Wireless Assistant-->MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x40c -remove -removeonly
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x40c -removeonly
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1036
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{9D615069-AA8F-4E89-AE9D-77AAE90F529F}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Supreme Commander - Forged Alliance-->C:\Program Files\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Videora iPod classic Converter 4.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite-->MsiExec.exe /X{B5761811-28F3-4257-B537-815C5EEF472C}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

=====HijackThis Backups=====

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXQHwVN.dll,#1

======Hosts File======

127.255.255.255 serial.alcohol-soft.com
127.255.255.255 www.alcohol-soft.com
127.255.255.255 images.alcohol-soft.com

======Security center information======

AV: Lavasoft Ad-Watch Live! AntiVirus
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

System event log

Computer Name: PC-de-Damien
Event Code: 7036
Message: Le service Disque virtuel est entré dans l'état : arrêté.
Record Number: 79166
Source Name: Service Control Manager
Time Written: 20090217200347.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 3
Message: Le service a démarré.
Record Number: 79167
Source Name: Virtual Disk Service
Time Written: 20090217200448.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 7036
Message: Le service Disque virtuel est entré dans l'état : en cours d'exécution.
Record Number: 79168
Source Name: Service Control Manager
Time Written: 20090217200448.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 4
Message: Le service a été arrêté.
Record Number: 79169
Source Name: Virtual Disk Service
Time Written: 20090217200450.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 7036
Message: Le service Disque virtuel est entré dans l'état : arrêté.
Record Number: 79170
Source Name: Service Control Manager
Time Written: 20090217200450.000000-000
Event Type: Information
User:

Application event log

Computer Name: PC-de-Damien
Event Code: 300
Message: msnmsgr (3920) \\.\C:\Users\Damien\AppData\Local\Microsoft\Messenger\daftpunkey@hotmail.fr\SharingMetadata\Working\database_1DEC_4224_5E0C_D872\dfsr.db: Le moteur de la base de données initie les étapes de récupération.
Record Number: 7642
Source Name: ESENT
Time Written: 20090217200340.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 301
Message: msnmsgr (3920) \\.\C:\Users\Damien\AppData\Local\Microsoft\Messenger\daftpunkey@hotmail.fr\SharingMetadata\Working\database_1DEC_4224_5E0C_D872\dfsr.db: Le moteur de la base de données a commencé la relecture du fichier journal \\.\C:\Users\Damien\AppData\Local\Microsoft\Messenger\daftpunkey@hotmail.fr\SharingMetadata\Working\database_1DEC_4224_5E0C_D872\fsr.log.
Record Number: 7643
Source Name: ESENT
Time Written: 20090217200340.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 302
Message: msnmsgr (3920) \\.\C:\Users\Damien\AppData\Local\Microsoft\Messenger\daftpunkey@hotmail.fr\SharingMetadata\Working\database_1DEC_4224_5E0C_D872\dfsr.db: Le moteur de la base de données a terminé les étapes de récupération avec succès.
Record Number: 7644
Source Name: ESENT
Time Written: 20090217200341.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 103
Message: msnmsgr (3920) \\.\C:\Users\Damien\AppData\Local\Microsoft\Messenger\daftpunkey@hotmail.fr\SharingMetadata\Working\database_1DEC_4224_5E0C_D872\dfsr.db: Le moteur de la base de données a arrêté l'instance (0).
Record Number: 7645
Source Name: ESENT
Time Written: 20090217200451.000000-000
Event Type: Information
User:

Computer Name: PC-de-Damien
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 7646
Source Name: LightScribeService
Time Written: 20090217200526.000000-000
Event Type: Information
User:

Security event log

Computer Name: PC-de-Damien
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 37306
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090210192821.340000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Damien
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-DAMIEN$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x274
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 37307
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090210192923.204000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Damien
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-DAMIEN$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x274
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 37308
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090210192923.204000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Damien
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 37309
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090210192923.204000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Damien
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-DAMIEN$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x274
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 37310
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090210193025.325000-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

-------------- UsbFix V2.414.3 ---------------

* User : Damien - PC-DE-DAMIEN
* Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 21:28:56 le 17/02/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dassault Systemes\B11\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\userinit.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\runonce.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
F: - Lecteur amovible

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[02/07/2008 08:44][--a------] C:\autoexec.bat
[17/02/2009 14:57][--a------] C:\dok.exe
[17/02/2009 14:57][--a------] C:\rnnuning.exe
[17/02/2009 14:57][--a------] C:\smdi3.exe
[16/02/2009 18:23][--a------] C:\iPod2PC_log.txt
[16/02/2009 18:23][--a------] C:\UsbFix.txt
[16/02/2009 18:23][--a------] C:\xscan.txt
[18/09/2006 22:43][--a------] C:\config.sys
[18/09/2006 22:43][--a------] C:\hiberfil.sys
[18/09/2006 22:43][--a------] C:\IO.SYS
[18/09/2006 22:43][--a------] C:\MSDOS.SYS
[18/09/2006 22:43][--a------] C:\pagefile.sys

--------------- [ Lecteur F ] ----------------

F: - Lecteur amovible

+- Listing des fichiers présents :

[07/11/2007 01:31][--a------] F:\ForgedAlliance.exe

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
NVIDIA nTune="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
LightScribe Control Panel=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
ISUSPM="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
ehTray.exe=C:\Windows\ehome\ehTray.exe
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows UDP Control Center=fxstaller.exe
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
UCam_Menu="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
SysTrayApp=%ProgramFiles%\IDT\WDM\sttray.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
QlbCtrl.exe=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
OnScreenDisplay=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2803b539-af53-11dd-bdb5-001e68feca87}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4626ac9b-faa2-11dd-8e03-001e68feca87}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac0e9872-d0ce-11dd-87e4-001e68feca87}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c157557e-eabc-11dd-aec1-001e68feca87}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f798fda9-eee9-11dd-815a-001e68feca87}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f798fdc9-eee9-11dd-815a-001e68feca87}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd05c308-adce-11dd-8a07-001e68feca87}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------


--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[02/07/2008 08:44][--a------] C:\autoexec.bat
[17/02/2009 14:57][--a------] C:\dok.exe
[17/02/2009 14:57][--a------] C:\rnnuning.exe
[17/02/2009 14:57][--a------] C:\smdi3.exe
[07/11/2007 01:31][--a------] F:\ForgedAlliance.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service seneka .
========== FILES ==========
C:\Windows\tasks\fhrqsouf.job moved successfully.
C:\Windows\tasks\kgbdqkiy.job moved successfully.
C:\Windows\tasks\xenmzlqd.job moved successfully.
File/Folder C:\Windows\system32\drivers\senekawagsrppq.sys not found.
C:\dok.exe moved successfully.
C:\rnnuning.exe moved successfully.
C:\smdi3.exe moved successfully.
C:\Windows\system32\552f1ca3-.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows UDP Control Center deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2803b539-af53-11dd-bdb5-001e68feca87}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4626ac9b-faa2-11dd-8e03-001e68feca87}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac0e9872-d0ce-11dd-87e4-001e68feca87}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c157557e-eabc-11dd-aec1-001e68feca87}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f798fda9-eee9-11dd-815a-001e68feca87}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f798fdc9-eee9-11dd-815a-001e68feca87}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd05c308-adce-11dd-8a07-001e68feca87}\\ not found.
========== COMMANDS ==========
File delete failed. C:\Users\Damien\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\etilqs_U2lu4YGJJE8R11t5k9rw scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\fla852D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF2794.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF279C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF3A20.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF3A25.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DFCE13.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DFCE18.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj04.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02172009_222710

Files moved on Reboot...
C:\Users\Damien\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Users\Damien\AppData\Local\Temp\etilqs_U2lu4YGJJE8R11t5k9rw not found!
File C:\Users\Damien\AppData\Local\Temp\fla852D.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF2794.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF279C.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF3A20.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF3A25.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DFCE13.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DFCE18.tmp not found!
File C:\Windows\temp\logishrd\LVPrcInj04.dll not found!
C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\urlclassifier3.sqlite moved successfully.
C:\Users\Damien\AppData\Local\Mozilla\Firefox\Profiles\ntrskq1f.default\XUL.mfl moved successfully.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service seneka .
========== COMMANDS ==========
File delete failed. C:\Users\Damien\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF2793.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF279E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF2CD1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF2CE1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF372D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF3F6E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF66DB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF66E0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF762B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Damien\AppData\Local\Temp\~DF7B44.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02172009_225615

Files moved on Reboot...
C:\Users\Damien\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Users\Damien\AppData\Local\Temp\~DF2793.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF279E.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF2CD1.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF2CE1.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF372D.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF3F6E.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF66DB.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF66E0.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF762B.tmp not found!
File C:\Users\Damien\AppData\Local\Temp\~DF7B44.tmp not found!
DllUnregisterServer procedure not found in C:\Windows\temp\logishrd\LVPrcInj01.dll
C:\Windows\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Windows/system32/config/system

Statut : 0xc000014c

échec du chargement de windows car le fichier du registre système est manquant ou endommagé.