Damaelyon

Bon ben de nouveau backdoor et tout plein de spyware à chaque démarrage. Ca va se finir par un format C: je sens.

Oui je sais mais il me met fichier introuvable alors que NIS continue de le virer à chaque démarrage.

Oui mais comme je te le disais un peu plus haut, je ne peux pas faire apparaitre les fichiers cachés. C'est comme si quelque chose m'en empêchait.

Ok je viens de comprendre quelque chose : quand je demande à afficher les fichers cachés et les fichers système, je clique sur ok mais en fait, rien n'est fait, les fichiers n'apparaissent pas et quand je retourne dans les paramètres pour le faire, c'est comme si je n'avais rien demandé, les fichiers systèmes et cachés sont toujours ben... cachés. Comme si quelque chose m'empêchait de le faire.

Le fichier semble être absent, peut-être supprimé justement par NIS qui le détecte à interval régulier. Sur Virus Total, j'ai eu comme réponse : 0 bytes size received / Se ha recibido un archivo vacio J'ai bien affiché tous les fichiers cachés du système, etc... Petite question : j'ai un lecteur réseau, pas branché direct sur mon ordi mais sur la freebox. Est-il possible que l'infection revienne par là en permanence ?

c:\windows\system32\win.exe

oui mais maintenant, je n'ai plus de messages quand j'utilise ton fichier reg et NIS continue à bloquer bakcdoor à chaque redémarrage

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:50:08, on 08/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Windows\vVX6000.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Users\David Fuentes\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-. O1 - Hosts: ::1 localhost O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe" O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://ftp_seiya.kargan.eu O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9661 bytes

Voilà le rapport : ========== PROCESSES ========== Unable to kill process: explorer.exe ========== FILES ========== C:\Windows\SysWOW64\zh-TW moved successfully. C:\Windows\SysWOW64\zh-HK moved successfully. C:\Windows\SysWOW64\zh-CN moved successfully. C:\Windows\SysWOW64\XPSViewer\fr-FR moved successfully. C:\Windows\SysWOW64\XPSViewer\en-US moved successfully. C:\Windows\SysWOW64\XPSViewer moved successfully. C:\Windows\SysWOW64\xlive moved successfully. C:\Windows\SysWOW64\winrm\040C moved successfully. C:\Windows\SysWOW64\winrm moved successfully. C:\Windows\SysWOW64\WCN\fr-FR moved successfully. C:\Windows\SysWOW64\WCN moved successfully. C:\Windows\SysWOW64\wbem\xml moved successfully. C:\Windows\SysWOW64\wbem\tmf moved successfully. C:\Windows\SysWOW64\wbem\Repository moved successfully. C:\Windows\SysWOW64\wbem\Logs moved successfully. C:\Windows\SysWOW64\wbem\fr-FR moved successfully. C:\Windows\SysWOW64\wbem\AutoRecover moved successfully. Folder move failed. C:\Windows\SysWOW64\wbem scheduled to be moved on reboot. C:\Windows\SysWOW64\URTTEMP moved successfully. C:\Windows\SysWOW64\uk-UA moved successfully. C:\Windows\SysWOW64\tr-TR moved successfully. C:\Windows\SysWOW64\th-TH moved successfully. C:\Windows\SysWOW64\Tasks\Microsoft\Windows\WindowsCalendar moved successfully. C:\Windows\SysWOW64\Tasks\Microsoft\Windows\SyncCenter moved successfully. C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA\System moved successfully. C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA moved successfully. C:\Windows\SysWOW64\Tasks\Microsoft\Windows moved successfully. C:\Windows\SysWOW64\Tasks\Microsoft moved successfully. C:\Windows\SysWOW64\Tasks moved successfully. C:\Windows\SysWOW64\sysprep\fr-FR moved successfully. Folder move failed. C:\Windows\SysWOW64\sysprep scheduled to be moved on reboot. C:\Windows\SysWOW64\sv-SE moved successfully. C:\Windows\SysWOW64\sr-Latn-CS moved successfully. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot. C:\Windows\SysWOW64\Speech\Common moved successfully. Folder move failed. C:\Windows\SysWOW64\Speech scheduled to be moved on reboot. C:\Windows\SysWOW64\SLUI moved successfully. C:\Windows\SysWOW64\slmgr\040C moved successfully. C:\Windows\SysWOW64\slmgr moved successfully. C:\Windows\SysWOW64\sl-SI moved successfully. C:\Windows\SysWOW64\sk-SK moved successfully. C:\Windows\SysWOW64\setup\fr-FR moved successfully. Folder move failed. C:\Windows\SysWOW64\setup scheduled to be moved on reboot. C:\Windows\SysWOW64\ru-RU moved successfully. C:\Windows\SysWOW64\ro-RO moved successfully. C:\Windows\SysWOW64\restore moved successfully. C:\Windows\SysWOW64\ras moved successfully. C:\Windows\SysWOW64\pt-PT moved successfully. C:\Windows\SysWOW64\pt-BR moved successfully. C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR moved successfully. C:\Windows\SysWOW64\Printing_Admin_Scripts moved successfully. C:\Windows\SysWOW64\pl-PL moved successfully. C:\Windows\SysWOW64\oobe\fr-FR moved successfully. Folder move failed. C:\Windows\SysWOW64\oobe scheduled to be moved on reboot. C:\Windows\SysWOW64\nl-NL moved successfully. C:\Windows\SysWOW64\networklist\icons\StockIcons moved successfully. C:\Windows\SysWOW64\networklist\icons moved successfully. C:\Windows\SysWOW64\networklist moved successfully. C:\Windows\SysWOW64\NDF moved successfully. C:\Windows\SysWOW64\nb-NO moved successfully. C:\Windows\SysWOW64\MUI\dispspec moved successfully. C:\Windows\SysWOW64\MUI\040C moved successfully. C:\Windows\SysWOW64\MUI\0409 moved successfully. C:\Windows\SysWOW64\MUI moved successfully. C:\Windows\SysWOW64\Msdtc\Trace moved successfully. C:\Windows\SysWOW64\Msdtc moved successfully. C:\Windows\SysWOW64\migwiz\fr-FR moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-WMI-Core moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TapiSetup moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-StorageMigration moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-shmig-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasApi moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NDIS moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IE-ESC moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL moved successfully. C:\Windows\SysWOW64\migwiz\dlmanifests\BITSExtensions-Server moved successfully. Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migwiz scheduled to be moved on reboot. C:\Windows\SysWOW64\migration\fr-FR moved successfully. Folder move failed. C:\Windows\SysWOW64\migration scheduled to be moved on reboot. C:\Windows\SysWOW64\manifeststore moved successfully. Folder move failed. C:\Windows\SysWOW64\Macromed\Flash scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Macromed scheduled to be moved on reboot. C:\Windows\SysWOW64\lv-LV moved successfully. C:\Windows\SysWOW64\lt-LT moved successfully. C:\Windows\SysWOW64\LogFiles\Firewall moved successfully. C:\Windows\SysWOW64\LogFiles moved successfully. C:\Windows\SysWOW64\licensing\ppdlic moved successfully. C:\Windows\SysWOW64\licensing\pkeyconfig moved successfully. C:\Windows\SysWOW64\licensing\issuance moved successfully. C:\Windows\SysWOW64\licensing\identity moved successfully. C:\Windows\SysWOW64\licensing\channels\OCUR moved successfully. C:\Windows\SysWOW64\licensing\channels moved successfully. C:\Windows\SysWOW64\licensing moved successfully. C:\Windows\SysWOW64\ko-KR moved successfully. C:\Windows\SysWOW64\ja-JP moved successfully. C:\Windows\SysWOW64\it-IT moved successfully. C:\Windows\SysWOW64\IOSUBSYS moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0c0c moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0816 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0804 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0416 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\040c moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0404 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\002d moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0024 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0021 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\001f moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\001e moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\001d moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\001b moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\001a moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0019 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0015 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0014 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0013 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0012 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0011 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0010 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\000e moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\000b moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\000a moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0009 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0008 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0007 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0006 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0005 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir\0003 moved successfully. C:\Windows\SysWOW64\InstallShield\setupdir moved successfully. Folder move failed. C:\Windows\SysWOW64\InstallShield scheduled to be moved on reboot. C:\Windows\SysWOW64\inetsrv moved successfully. C:\Windows\SysWOW64\IME\SHARED\res moved successfully. Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot. C:\Windows\SysWOW64\IME\IMETC10\applets moved successfully. Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot. C:\Windows\SysWOW64\IME\IMESC5\applets moved successfully. Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot. C:\Windows\SysWOW64\IME\imekr8\dicts moved successfully. C:\Windows\SysWOW64\IME\imekr8\applets moved successfully. Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot. C:\Windows\SysWOW64\IME\IMEJP10\APPLETS moved successfully. Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\icsxml scheduled to be moved on reboot. C:\Windows\SysWOW64\ias moved successfully. C:\Windows\SysWOW64\hu-HU moved successfully. C:\Windows\SysWOW64\hr-HR moved successfully. C:\Windows\SysWOW64\he-IL moved successfully. C:\Windows\SysWOW64\GroupPolicyUsers moved successfully. C:\Windows\SysWOW64\GroupPolicy moved successfully. C:\Windows\SysWOW64\FxsTmp moved successfully. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR scheduled to be moved on reboot. C:\Windows\SysWOW64\fr moved successfully. C:\Windows\SysWOW64\fi-FI moved successfully. C:\Windows\SysWOW64\et-EE moved successfully. C:\Windows\SysWOW64\es-ES moved successfully. Folder move failed. C:\Windows\SysWOW64\en-US scheduled to be moved on reboot. C:\Windows\SysWOW64\el-GR moved successfully. Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\driverstore scheduled to be moved on reboot. C:\Windows\SysWOW64\drivers\UMDF\fr-FR moved successfully. C:\Windows\SysWOW64\drivers\UMDF moved successfully. C:\Windows\SysWOW64\drivers\fr-FR moved successfully. C:\Windows\SysWOW64\drivers moved successfully. C:\Windows\SysWOW64\de-DE moved successfully. Folder move failed. C:\Windows\SysWOW64\Data scheduled to be moved on reboot. C:\Windows\SysWOW64\da-DK moved successfully. C:\Windows\SysWOW64\cs-CZ moved successfully. C:\Windows\SysWOW64\config\TxR moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My moved successfully. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIS8C71T moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIFZG1IP moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LUEGZPT moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UTCUAU2 moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local moved successfully. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot. C:\Windows\SysWOW64\config\RegBack moved successfully. C:\Windows\SysWOW64\config\Journal moved successfully. Folder move failed. C:\Windows\SysWOW64\config scheduled to be moved on reboot. C:\Windows\SysWOW64\com\fr-FR moved successfully. C:\Windows\SysWOW64\com\dmp moved successfully. Folder move failed. C:\Windows\SysWOW64\com scheduled to be moved on reboot. C:\Windows\SysWOW64\Branding\fr-FR moved successfully. C:\Windows\SysWOW64\Branding moved successfully. C:\Windows\SysWOW64\bg-BG moved successfully. C:\Windows\SysWOW64\ar-SA moved successfully. C:\Windows\SysWOW64\AGEIA\AG1021 moved successfully. C:\Windows\SysWOW64\AGEIA\AG1011 moved successfully. C:\Windows\SysWOW64\AGEIA moved successfully. Folder move failed. C:\Windows\SysWOW64\AdvancedInstallers scheduled to be moved on reboot. C:\Windows\SysWOW64\3Planesoft\Screensaver Manager\Data moved successfully. C:\Windows\SysWOW64\3Planesoft\Screensaver Manager moved successfully. C:\Windows\SysWOW64\3Planesoft moved successfully. C:\Windows\SysWOW64\040C moved successfully. Folder move failed. C:\Windows\SysWOW64 scheduled to be moved on reboot. C:\autorun.inf moved successfully. ========== COMMANDS ========== Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03082009_101630 Files moved on Reboot... C:\Windows\SysWOW64\wbem\Logs moved successfully. Folder move failed. C:\Windows\SysWOW64\wbem scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\sysprep scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\setup scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\oobe scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migwiz scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migration scheduled to be moved on reboot. C:\Windows\SysWOW64\Macromed\Flash moved successfully. C:\Windows\SysWOW64\Macromed moved successfully. Folder move failed. C:\Windows\SysWOW64\InstallShield scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\icsxml scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR scheduled to be moved on reboot. C:\Windows\SysWOW64\en-US moved successfully. Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\driverstore scheduled to be moved on reboot. C:\Windows\SysWOW64\Data moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My moved successfully. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow moved successfully. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\com scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\AdvancedInstallers scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\wbem scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\sysprep scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\Speech scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\setup scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\oobe scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migwiz scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\migration scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\InstallShield scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\IME scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\icsxml scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\driverstore scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\config scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\com scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64\AdvancedInstallers scheduled to be moved on reboot. Folder move failed. C:\Windows\SysWOW64 scheduled to be moved on reboot.

Merci de ta gentillesse, sincèrement !!! Voilà pour Log.txt Logfile of random's system information tool 1.05 (written by random/random) Run by David Fuentes at 2009-03-07 22:21:01 Microsoft® Windows Vista™ Édition Intégrale Service Pack 1 System drive C: has 428 GB (52%) free of 821 GB Total RAM: 4094 MB (51% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:21:07, on 07/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Windows\vVX6000.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Users\David Fuentes\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\sysWow64\SearchProtocolHost.exe C:\Program Files (x86)\Opera\Opera.exe C:\Users\David Fuentes\Desktop\RSIT.exe C:\Users\David Fuentes\Desktop\David Fuentes.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-. O1 - Hosts: ::1 localhost O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe" O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://ftp_seiya.kargan.eu O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9795 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3112037720-3721663153-2570629272-1000.job C:\Windows\tasks\User_Feed_Synchronization-{1F98FF1D-EF90-4CD6-9C15-EFCF6E137528}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}] IE7Pro BHO - C:\Program Files (x86)\IEPro\iepro.dll [2008-12-09 752744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-05 344944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL [2009-01-10 107896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-02-14 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-05 344944] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-10-07 23552] "LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LaCie Ethernet Agent Startup"=C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe [2008-06-19 4091904] "LaCie Backup"=C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960] "SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "EnableLUA"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 "NoDriveAutoRun"=FFFFFFFF [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"= "ForceActiveDesktopOn"= "NoActiveDesktopChanges"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\IEPro\MiniDM.exe"="C:\Program Files (x86)\IEPro\MiniDM.exe:*:Enabled:MiniDM" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0607f00f-fde8-11dd-9de6-001060d38272}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb1a93c-04f6-11de-a5bb-001060d38272}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1851d6-de9c-11dd-b399-806e6f6e6963}] shell\AutoRun\command - D:\setup.exe ======File associations====== .inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1 .js - edit - C:\Windows\SysWOW64\Notepad.exe %1 .js - open - C:\Windows\SysWOW64\WScript.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2009-03-07 22:21:01 ----D---- C:\rsit 2009-03-05 15:03:44 ----D---- C:\ProgramData\Ironclad Games 2009-03-05 15:03:33 ----D---- C:\Program Files (x86)\Stardock Games 2009-03-05 14:33:51 ----D---- C:\Users\David Fuentes\AppData\Roaming\Stardock 2009-03-05 14:33:33 ----D---- C:\ProgramData\Stardock 2009-03-05 14:33:26 ----HDC---- C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277} 2009-03-04 21:33:54 ----A---- C:\Users\David Fuentes\AppData\Roaming\SetValue.bat 2009-03-04 21:33:54 ----A---- C:\Users\David Fuentes\AppData\Roaming\GetValue.vbs 2009-03-04 21:28:33 ----A---- C:\Windows\system32\tmp.txt 2009-03-04 21:28:28 ----A---- C:\rapport.txt 2009-03-04 21:28:13 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe 2009-03-04 21:28:12 ----A---- C:\Windows\system32\o4Patch.exe 2009-03-04 21:28:12 ----A---- C:\Windows\system32\IEDFix.C.exe 2009-03-04 21:28:12 ----A---- C:\Windows\system32\404Fix.exe 2009-03-04 21:28:09 ----A---- C:\Windows\system32\VACFix.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\WS2Fix.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\VCCLSID.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\swxcacls.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\swsc.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\swreg.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\SrchSTS.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\Process.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\IEDFix.exe 2009-03-04 21:28:08 ----A---- C:\Windows\system32\dumphive.exe 2009-03-04 15:04:24 ----D---- C:\Users\David Fuentes\AppData\Roaming\IGN_DLM 2009-03-04 08:59:33 ----A---- C:\Windows\system32\difxapi.dll 2009-03-04 00:13:04 ----D---- C:\ProgramData\Spybot - Search & Destroy 2009-03-04 00:13:04 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2009-03-03 23:55:42 ----D---- C:\Program Files (x86)\CCleaner 2009-03-03 13:02:01 ----A---- C:\Windows\system32\icardres.dll 2009-03-03 13:02:00 ----A---- C:\Windows\system32\PresentationNative_v0300.dll 2009-03-03 13:02:00 ----A---- C:\Windows\system32\PresentationHostProxy.dll 2009-03-03 13:02:00 ----A---- C:\Windows\system32\infocardapi.dll 2009-03-03 13:02:00 ----A---- C:\Windows\system32\icardagt.exe 2009-03-03 13:01:55 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-03-03 13:01:52 ----A---- C:\Windows\system32\PresentationHost.exe 2009-03-03 12:57:53 ----A---- C:\Windows\system32\netfxperf.dll 2009-03-03 12:57:44 ----A---- C:\Windows\system32\dfshim.dll 2009-03-03 12:57:27 ----A---- C:\Windows\system32\mscoree.dll 2009-03-03 12:57:18 ----A---- C:\Windows\system32\mscorier.dll 2009-03-03 12:57:14 ----A---- C:\Windows\system32\mscories.dll 2009-03-03 10:25:26 ----D---- C:\Program Files (x86)\Gravity 2009-03-03 10:01:59 ----D---- C:\Program Files (x86)\Bonjour 2009-02-26 19:19:15 ----D---- C:\Program Files (x86)\Warhammer 40.000 Dawn Of War II 2009-02-23 16:46:29 ----D---- C:\Program Files (x86)\Bethesda Softworks 2009-02-23 16:25:57 ----AD---- C:\autorun.inf 2009-02-22 11:08:14 ----D---- C:\Users\David Fuentes\AppData\Roaming\Malwarebytes 2009-02-22 11:08:09 ----D---- C:\ProgramData\Malwarebytes 2009-02-22 11:08:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2009-02-22 10:35:47 ----D---- C:\Program Files (x86)\Virtual Earth 3D 2009-02-22 10:25:05 ----D---- C:\ProgramData\WindowsSearch 2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvwgf2um.dll 2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvoglv32.dll 2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvd3dum.dll 2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvcuvid.dll 2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvcuda.dll 2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvapi.dll 2009-02-15 15:53:31 ----D---- C:\Windows\Sun 2009-02-15 15:13:23 ----HD---- C:\Users\David Fuentes\AppData\Roaming\ACV 2009-02-14 23:46:54 ----A---- C:\Windows\system32\javaws.exe 2009-02-14 23:46:54 ----A---- C:\Windows\system32\javaw.exe 2009-02-14 23:46:54 ----A---- C:\Windows\system32\java.exe 2009-02-14 23:46:54 ----A---- C:\Windows\system32\deploytk.dll 2009-02-14 23:46:47 ----D---- C:\Program Files (x86)\Java 2009-02-12 20:49:30 ----A---- C:\Windows\system32\EncDec.dll 2009-02-12 20:49:29 ----A---- C:\Windows\system32\psisdecd.dll 2009-02-10 20:53:27 ----D---- C:\Windows\system32\AGEIA 2009-02-10 20:53:27 ----D---- C:\Program Files (x86)\AGEIA Technologies 2009-02-09 22:55:17 ----D---- C:\Program Files (x86)\OCCT ======List of files/folders modified in the last 1 months====== 2009-03-07 22:21:07 ----D---- C:\Windows\Prefetch 2009-03-07 22:01:55 ----D---- C:\Windows\Temp 2009-03-07 05:25:24 ----SHD---- C:\System Volume Information 2009-03-06 23:51:24 ----D---- C:\Windows\Minidump 2009-03-06 23:51:24 ----D---- C:\Windows\Debug 2009-03-06 23:51:24 ----D---- C:\Windows 2009-03-06 20:46:31 ----D---- C:\Windows\System32 2009-03-06 20:42:32 ----D---- C:\Windows\inf 2009-03-06 01:08:55 ----D---- C:\Program Files (x86)\Steam 2009-03-05 23:34:08 ----RD---- C:\Program Files 2009-03-05 22:33:23 ----D---- C:\Users\David Fuentes\AppData\Roaming\Azureus 2009-03-05 15:03:44 ----HD---- C:\ProgramData 2009-03-05 15:03:33 ----RD---- C:\Program Files (x86) 2009-03-05 14:34:22 ----RSD---- C:\Windows\assembly 2009-03-05 14:33:55 ----D---- C:\Windows\Microsoft.NET 2009-03-05 14:33:40 ----SHD---- C:\Windows\Installer 2009-03-05 14:33:33 ----D---- C:\Program Files (x86)\Stardock 2009-03-04 21:33:54 ----D---- C:\Windows\SysWOW64 2009-03-04 15:04:24 ----SD---- C:\Windows\Downloaded Program Files 2009-03-04 11:10:53 ----D---- C:\Warhammer Online - Age of Reckoning 2009-03-04 09:14:52 ----D---- C:\ProgramData\NVIDIA 2009-03-04 09:04:29 ----D---- C:\ProgramData\InstallShield 2009-03-04 08:59:33 ----D---- C:\Program Files (x86)\Intel 2009-03-04 08:59:18 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2009-03-04 08:46:09 ----D---- C:\ProgramData\ma-config.com 2009-03-04 08:46:09 ----D---- C:\Program Files (x86)\ma-config.com 2009-03-04 00:03:07 ----D---- C:\Program Files (x86)\Curse 2009-03-03 20:53:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2009-03-03 20:52:54 ----D---- C:\Windows\system32\drivers 2009-03-03 16:39:18 ----SD---- C:\Users\David Fuentes\AppData\Roaming\Microsoft 2009-03-03 16:39:17 ----D---- C:\ProgramData\Microsoft Help 2009-03-03 13:38:47 ----D---- C:\Windows\rescache 2009-03-03 13:22:14 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-03-03 13:21:09 ----D---- C:\Windows\system32\fr-FR 2009-03-03 13:21:04 ----D---- C:\Windows\system32\XPSViewer 2009-03-03 13:21:01 ----D---- C:\Windows\system32\wbem 2009-03-03 13:21:01 ----D---- C:\Windows\system32\en-US 2009-03-03 13:20:45 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2009-03-03 13:19:23 ----D---- C:\Windows\winsxs 2009-03-03 10:08:08 ----D---- C:\Program Files (x86)\Vuze 2009-03-02 14:44:22 ----D---- C:\Users\David Fuentes\AppData\Roaming\Mozilla 2009-03-01 17:41:14 ----D---- C:\Program Files (x86)\Windows Live 2009-03-01 17:40:04 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2009-02-22 05:36:40 ----RASH---- C:\BOOTSECT.BAK 2009-02-22 05:36:39 ----SHD---- C:\Boot 2009-02-21 21:12:15 ----SHD---- C:\$Recycle.Bin 2009-02-16 22:20:12 ----D---- C:\Users\David Fuentes\AppData\Roaming\Adobe 2009-02-15 14:11:15 ----D---- C:\ProgramData\Adobe 2009-02-15 14:11:05 ----D---- C:\Program Files (x86)\Common Files\Adobe 2009-02-15 14:11:05 ----D---- C:\Program Files (x86)\Adobe 2009-02-12 20:51:46 ----D---- C:\Windows\ehome 2009-02-12 20:49:47 ----D---- C:\Program Files (x86)\Windows Mail 2009-02-11 20:31:39 ----D---- C:\Windows\Tasks ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ccHP;Symantec Hash Provider; \??\C:\Windows\system32\drivers\NISx64\1002000.007\ccHPx64.sys [] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-02-25 475696] R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090303.001\IDSvia64.sys [2009-01-29 396848] R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SRTSPX64.SYS [] R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [] R1 SYMTDI;SYMTDI; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMTDI.SYS [] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [] R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [] R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [] R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [] R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [] R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 131632] R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [] R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090307.003\ENG64.SYS [2009-02-19 136752] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090307.003\EX64.SYS [2009-02-19 1461808] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [] R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [] R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [] R3 SRTSP;Symantec Real Time Storage Protection x64; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SRTSP64.SYS [] R3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMDNS.SYS [] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [] R3 SYMFW;SYMFW; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMFW.SYS [] R3 SYMNDISV;SYMNDISV; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMNDISV.SYS [] R3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMREDRV.SYS [] R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [] R3 VX6000;Microsoft LifeCam VX-6000; C:\Windows\system32\DRIVERS\VX6000Xp.sys [] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [] S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [] S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [] S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [] S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [] S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [] S3 driverhardwarev2x64;driverhardwarev2x64; \??\C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2009-01-24 15872] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [] S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [] S3 WINUSB;Pilote WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840] R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-10-31 307200] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840] R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2008-08-04 261664] R2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-05 115560] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-10 79360] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-20 651720] S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120] S3 maconfservice;Ma-Config Service; C:\Program Files (x86)\ma-config.com\maconfservice.exe [2009-01-24 216232] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-02-04 316664] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [] -----------------EOF----------------- Pour info.txt info.txt logfile of random's system information tool 1.05 2009-03-07 22:21:10 ======Uninstall list====== -->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c /remove 3Planesoft Screensaver Manager 1.2-->"C:\Program Files (x86)\3Planesoft Screensaver Manager\unins000.exe" Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Age of Conan : Hyborian Adventures-->"C:\Program Files (x86)\Funcom\Age of Conan\unins000.exe" Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Bioshock-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7670 CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Creative Console Launcher-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c /remove Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x040c Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4} DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN Dutch Windmills 3D Screensaver 1.0-->"C:\Program Files (x86)\Dutch Windmills 3D Screensaver\unins000.exe" EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe Fallout 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x40c -removeonly Fallout Mod Manager 0.9.9-->"C:\Program Files (x86)\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe" Fantasy Wars-->"C:\Program Files (x86)\Nobilis\Fantasy Wars\unins000.exe" Far Cry 2-->"C:\Program Files (x86)\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly FTP Expert 3-->"C:\Program Files (x86)\Visicom Media\FTP Expert 3\uninst-ftp.exe" Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} Google SketchUp 6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly Google SketchUp 6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly HijackThis 2.0.2-->"C:\Users\David Fuentes\Desktop\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT="" IE7Pro-->C:\Program Files (x86)\IEPro\uninst.exe Impulse-->"C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE Impulse-->C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\Impulse_setup.exe Installation Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Java 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} LaCie Backup Software v1.7.2893-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9} LaCie Ethernet Agent 1.1.0.6-->"C:\Program Files (x86)\LaCie\Ethernet Agent\unins000.exe" Le Seigneur des anneaux Online : Les Mines de la Moria v02.01.0-->"C:\Program Files (x86)\Codemasters\Le Seigneur des anneaux Online\unins000.exe" Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1} Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Mass Effect-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/17460 Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0} Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft WorldWide Telescope-->MsiExec.exe /I{E7A9DCC5-8D19-4B95-BED8-2DB41F920F11} Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.2.0.7\InstStub.exe /X NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF} OpenAL-->"C:\Program Files (x86)\OpenAL\OALInst.exe" /U Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Panneau de configuration audio Creative-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove PhysX Screen Saver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{300A470B-681B-449F-82AE-6D19114702CE}\Setup.exe" -l0x9 Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe" PlayNC Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x040c -removeonly Pocket Informant 8.51-->C:\Program Files (x86)\Pocket Informant\uninst.exe QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Requiem-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F9831B39-277F-4F53-BFB0-12DC90C4CB40}\setup.exe" -l0x9 -removeonly Richard Garriott's Tabula Rasa-->C:\Program Files (x86)\InstallShield Installation Information\{59CAF9C7-3129-4F88-B6E8-B079EA6261C4}\Setup.exe -runfromtemp -l0x040c -removeonly Sacred 2 - Fallen Angel-->"C:\Program Files (x86)\Deep Silver\Sacred 2 - Fallen Angel\unins000.exe" Sins of a Solar Empire-->"C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\UninstHelper.exe" /autouninstall sin SPORE™-->"C:\Program Files (x86)\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe" Station Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{958AF490-810C-4D3E-AA82-EBA2CE41DA20}\setup.exe" -runfromtemp -l0x040c -removeonly Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Unofficial Fallout 3 Patch v1.0.0-->"C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Unofficial Fallout 3 Patch\unins000.exe" VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe Warhammer Online: Age of Reckoning-->"C:\Warhammer Online - Age of Reckoning\unins000.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261} Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} X3: Terran Conflict-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/2820 Xvid 1.2.1 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe" =====HijackThis Backups===== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-. ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Norton Internet Security FW: Norton Internet Security AS: Spybot - Search and Destroy (disabled) AS: Windows Defender (disabled) AS: Norton Internet Security System event log Computer Name: DavidFuentes Event Code: 7036 Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté. Record Number: 44098 Source Name: Service Control Manager Time Written: 20090307181341.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 26 Message: Application popup : opera.exe - Composant introuvable : Cette application n'a pas pu démarrer car MSVCR71.dll est introuvable. La réinstallation de cette application peut corriger ce problème. Record Number: 44099 Source Name: Application Popup Time Written: 20090307194435.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 7036 Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution. Record Number: 44100 Source Name: Service Control Manager Time Written: 20090307194814.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 7036 Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté. Record Number: 44101 Source Name: Service Control Manager Time Written: 20090307200444.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 7036 Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution. Record Number: 44102 Source Name: Service Control Manager Time Written: 20090307211817.000000-000 Event Type: Information User: Application event log Computer Name: DavidFuentes Event Code: 8224 Message: Le service VSS s’arrête, car le délai d’inactivité est dépassé. Record Number: 5898 Source Name: VSS Time Written: 20090307042510.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 1005 Message: Les données du Programme d’amélioration de l’expérience utilisateur Windows ont été regroupées dans des fichiers qui seront envoyés à Microsoft pour analyse. Ces fichiers ne sont envoyés que si l’utilisateur joint le Programme d’amélioration de l’expérience utilisateur Windows. Record Number: 5899 Source Name: Microsoft-Windows-CEIP Time Written: 20090307060001.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 1007 Message: Les données du Programme d’amélioration des services ont été correctement envoyées à Microsoft. Record Number: 5900 Source Name: Microsoft-Windows-CEIP Time Written: 20090307061119.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 32 Message: Le magasin C:\Users\David Fuentes\AppData\Local\Microsoft\Outlook\davidfuentes_hotmail.ost a détecté un point de contrôle. Record Number: 5901 Source Name: Outlook Time Written: 20090307211807.000000-000 Event Type: Information User: Computer Name: DavidFuentes Event Code: 32 Message: Le magasin C:\Users\David Fuentes\AppData\Local\Microsoft\Outlook\Outlook.pst a détecté un point de contrôle. Record Number: 5902 Source Name: Outlook Time Written: 20090307211808.000000-000 Event Type: Information User: Security event log Computer Name: DavidFuentes Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : DAVIDFUENTES$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x2cc Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 15048 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090307042121.737745-000 Event Type: Succès de l'audit User: Computer Name: DavidFuentes Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : DAVIDFUENTES$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2cc Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 15049 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090307042121.737745-000 Event Type: Succès de l'audit User: Computer Name: DavidFuentes Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 15050 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090307042121.737745-000 Event Type: Succès de l'audit User: Computer Name: DavidFuentes Event Code: 4904 Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : DAVIDFUENTES$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Processus : ID du processus : 0x6bc Nom du processus : C:\Windows\System32\VSSVC.exe Source de l’événement : Nom de la source : VSSAudit ID de la source de l’événement : 0x38e5d0f Record Number: 15051 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090307042210.175245-000 Event Type: Succès de l'audit User: Computer Name: DavidFuentes Event Code: 4905 Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : DAVIDFUENTES$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Processus : ID du processus : 0x6bc Nom du processus : C:\Windows\System32\VSSVC.exe Source de l’événement : Nom de la source : VSSAudit ID de la source de l’événement : 0x38e5d0f Record Number: 15052 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090307042210.190870-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_REVISION"=0f0b "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip "HellgateEnv"=C:\Program Files\Flagship Studios\Hellgate London\ -----------------EOF-----------------

Hello, Merci pour ta réponse. J'ai supprimé les 2 lignes et lancer Kaspersly Online. Aucun virus détecté. Pourtant, backdoor est toujours là. Le dernier rapport Hijack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:02:36, on 07/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe C:\Windows\vVX6000.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Users\David Fuentes\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Opera\opera.exe C:\Windows\sysWow64\SearchProtocolHost.exe C:\Users\David Fuentes\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-. O1 - Hosts: ::1 localhost O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe" O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://ftp_seiya.kargan.eu O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9593 bytes

Je vais craquer. Backdoor.bifrose est revenu J'ai redémarré en mode sans echec, passé un coup de Spybot qui m'a viré une 50aine de truc, passé un coup de MBAM qui ne m'a rien détecté et au redémarrage normal, POUM, encore Backdoor.bifrose, centre de sécurité désactivé, plus possible de charger regedit, le gestionnaire des taches, etc... J'en peux plus.

Merci pour ta réponse. MBAM ne m'a rien trouvé mais par contre, Spybot a trouvé des trojans de partout. Il a tout viré mais il en reste un dont je n'arrive pas à me débarasser ni sous Spybot, ni sous MBAM. Celui sous IE qui rajoute ce message : .-~= Hacked by ( ProoHack )X =~-. et qui m'impose une page de démarrage en arabe.

Bonjour à tous, Je craque. Je suis infecté par backdoor.bifrose que NIS2009 bloque bien mais qu'il n'éradique pas. Voici mon rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:30:28, on 03/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Safe mode Running processes: C:\Users\David Fuentes\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [CurseClient] C:\Program Files (x86)\Curse\CurseClient.exe -silent O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe" O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe /background O4 - HKCU\..\Run: [Google Update] "C:\Users\David Fuentes\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://ftp_seiya.kargan.eu O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9721 bytes Je vous remercie milles fois d'avance parce que je n'en puis plus...