Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Infecté par backdoor.bifrose


Messages recommandés

Bonjour à tous,

 

Je craque. Je suis infecté par backdoor.bifrose que NIS2009 bloque bien mais qu'il n'éradique pas.

 

Voici mon rapport HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:30:28, on 03/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Safe mode

 

Running processes:

C:\Users\David Fuentes\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [CurseClient] C:\Program Files (x86)\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe"

O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\David Fuentes\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://ftp_seiya.kargan.eu

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9721 bytes

 

Je vous remercie milles fois d'avance parce que je n'en puis plus...

Modifié par Damaelyon
Lien vers le commentaire
Partager sur d’autres sites

Bonjour, tu es sous Vista64 bits, n'est-ce pas ?

 

Télécharge Malwarebytes' Anti-Malware (MBAM) (ça tournera sous 64, malgré indication du site, qui concerne le version payante, tu pourras scanner et éliminer les bestioles)

 

  • Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen rapide"
  • Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

 

NB : Si MBAM te demande à redémarrer, fais-le.

Lien vers le commentaire
Partager sur d’autres sites

Merci pour ta réponse.

 

MBAM ne m'a rien trouvé mais par contre, Spybot a trouvé des trojans de partout. Il a tout viré mais il en reste un dont je n'arrive pas à me débarasser ni sous Spybot, ni sous MBAM. Celui sous IE qui rajoute ce message : .-~= Hacked by ( ProoHack )X =~-. et qui m'impose une page de démarrage en arabe.

Modifié par Damaelyon
Lien vers le commentaire
Partager sur d’autres sites

Merci pour ta réponse.

 

MBAM ne m'a rien trouvé mais par contre, Spybot a trouvé des trojans de partout. Il a tout viré mais il en reste un dont je n'arrive pas à me débarasser ni sous Spybot, ni sous MBAM. Celui sous IE qui rajoute ce message : .-~= Hacked by ( ProoHack )X =~-. et qui m'impose une page de démarrage en arabe.

 

Je vais craquer. :P

 

Backdoor.bifrose est revenu

 

J'ai redémarré en mode sans echec, passé un coup de Spybot qui m'a viré une 50aine de truc, passé un coup de MBAM qui ne m'a rien détecté et au redémarrage normal, POUM, encore Backdoor.bifrose, centre de sécurité désactivé, plus possible de charger regedit, le gestionnaire des taches, etc...

 

J'en peux plus. :P

Lien vers le commentaire
Partager sur d’autres sites

Zen, on a pas fini (jamais dit ça) et si spybot te trouve des cookies, oublie les cookies.

 

Sous 64bits tout ne tourne pas.

 

Relance HijackThis, clique sur "Do a system scan only" puis coche ceci et clique sur le bouton "Fix checked", en bas à gauche :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.

 

  • Fais un scan en ligne Kaspersky, en utilisant Internet Explorer.
  • Clique sur Accept
  • Patiente le temps d'installation du Webscanner.
  • Les bases de mises à jour vont s'installer, patiente un moment
  • Clique sur Next.
  • Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis de le faire vers le bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie-colle ce rapport dans ta prochaine réponse.

Lien vers le commentaire
Partager sur d’autres sites

Zen, on a pas fini (jamais dit ça) et si spybot te trouve des cookies, oublie les cookies.

 

Sous 64bits tout ne tourne pas.

 

Relance HijackThis, clique sur "Do a system scan only" puis coche ceci et clique sur le bouton "Fix checked", en bas à gauche :

 

 

  • Fais un scan en ligne Kaspersky, en utilisant Internet Explorer.
  • Clique sur Accept
  • Patiente le temps d'installation du Webscanner.
  • Les bases de mises à jour vont s'installer, patiente un moment
  • Clique sur Next.
  • Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis de le faire vers le bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie-colle ce rapport dans ta prochaine réponse.

 

Hello,

 

Merci pour ta réponse.

 

J'ai supprimé les 2 lignes et lancer Kaspersly Online. Aucun virus détecté. :P

 

Pourtant, backdoor est toujours là. :P

 

Le dernier rapport Hijack :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:02:36, on 07/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

C:\Windows\vVX6000.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Users\David Fuentes\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Users\David Fuentes\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe"

O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://ftp_seiya.kargan.eu

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9593 bytes

Lien vers le commentaire
Partager sur d’autres sites

Ok, on va faire un rapport plus copieux, et préparer un script pour shooter tout ça. :P

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  • NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    Ca fait deux rapports donc. :P

Lien vers le commentaire
Partager sur d’autres sites

Merci de ta gentillesse, sincèrement !!!

 

Voilà pour Log.txt

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by David Fuentes at 2009-03-07 22:21:01

Microsoft® Windows Vista Édition Intégrale Service Pack 1

System drive C: has 428 GB (52%) free of 821 GB

Total RAM: 4094 MB (51% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:21:07, on 07/03/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

C:\Windows\vVX6000.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Users\David Fuentes\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Program Files (x86)\Opera\Opera.exe

C:\Users\David Fuentes\Desktop\RSIT.exe

C:\Users\David Fuentes\Desktop\David Fuentes.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.

O1 - Hosts: ::1 localhost

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe"

O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://ftp_seiya.kargan.eu

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9795 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3112037720-3721663153-2570629272-1000.job

C:\Windows\tasks\User_Feed_Synchronization-{1F98FF1D-EF90-4CD6-9C15-EFCF6E137528}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]

IE7Pro BHO - C:\Program Files (x86)\IEPro\iepro.dll [2008-12-09 752744]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-05 344944]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL [2009-01-10 107896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-02-14 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-05 344944]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-10-07 23552]

"LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LaCie Ethernet Agent Startup"=C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe [2008-06-19 4091904]

"LaCie Backup"=C:\Program Files (x86)\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960]

"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoDriveAutoRun"=FFFFFFFF

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"ForceActiveDesktopOn"=

"NoActiveDesktopChanges"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files (x86)\IEPro\MiniDM.exe"="C:\Program Files (x86)\IEPro\MiniDM.exe:*:Enabled:MiniDM"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0607f00f-fde8-11dd-9de6-001060d38272}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb1a93c-04f6-11de-a5bb-001060d38272}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1851d6-de9c-11dd-b399-806e6f6e6963}]

shell\AutoRun\command - D:\setup.exe

 

 

======File associations======

 

.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1

.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

.scr - open - "%1" %*

 

======List of files/folders created in the last 1 months======

 

2009-03-07 22:21:01 ----D---- C:\rsit

2009-03-05 15:03:44 ----D---- C:\ProgramData\Ironclad Games

2009-03-05 15:03:33 ----D---- C:\Program Files (x86)\Stardock Games

2009-03-05 14:33:51 ----D---- C:\Users\David Fuentes\AppData\Roaming\Stardock

2009-03-05 14:33:33 ----D---- C:\ProgramData\Stardock

2009-03-05 14:33:26 ----HDC---- C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}

2009-03-04 21:33:54 ----A---- C:\Users\David Fuentes\AppData\Roaming\SetValue.bat

2009-03-04 21:33:54 ----A---- C:\Users\David Fuentes\AppData\Roaming\GetValue.vbs

2009-03-04 21:28:33 ----A---- C:\Windows\system32\tmp.txt

2009-03-04 21:28:28 ----A---- C:\rapport.txt

2009-03-04 21:28:13 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe

2009-03-04 21:28:12 ----A---- C:\Windows\system32\o4Patch.exe

2009-03-04 21:28:12 ----A---- C:\Windows\system32\IEDFix.C.exe

2009-03-04 21:28:12 ----A---- C:\Windows\system32\404Fix.exe

2009-03-04 21:28:09 ----A---- C:\Windows\system32\VACFix.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\WS2Fix.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\VCCLSID.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\swxcacls.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\swsc.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\swreg.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\SrchSTS.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\Process.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\IEDFix.exe

2009-03-04 21:28:08 ----A---- C:\Windows\system32\dumphive.exe

2009-03-04 15:04:24 ----D---- C:\Users\David Fuentes\AppData\Roaming\IGN_DLM

2009-03-04 08:59:33 ----A---- C:\Windows\system32\difxapi.dll

2009-03-04 00:13:04 ----D---- C:\ProgramData\Spybot - Search & Destroy

2009-03-04 00:13:04 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy

2009-03-03 23:55:42 ----D---- C:\Program Files (x86)\CCleaner

2009-03-03 13:02:01 ----A---- C:\Windows\system32\icardres.dll

2009-03-03 13:02:00 ----A---- C:\Windows\system32\PresentationNative_v0300.dll

2009-03-03 13:02:00 ----A---- C:\Windows\system32\PresentationHostProxy.dll

2009-03-03 13:02:00 ----A---- C:\Windows\system32\infocardapi.dll

2009-03-03 13:02:00 ----A---- C:\Windows\system32\icardagt.exe

2009-03-03 13:01:55 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-03-03 13:01:52 ----A---- C:\Windows\system32\PresentationHost.exe

2009-03-03 12:57:53 ----A---- C:\Windows\system32\netfxperf.dll

2009-03-03 12:57:44 ----A---- C:\Windows\system32\dfshim.dll

2009-03-03 12:57:27 ----A---- C:\Windows\system32\mscoree.dll

2009-03-03 12:57:18 ----A---- C:\Windows\system32\mscorier.dll

2009-03-03 12:57:14 ----A---- C:\Windows\system32\mscories.dll

2009-03-03 10:25:26 ----D---- C:\Program Files (x86)\Gravity

2009-03-03 10:01:59 ----D---- C:\Program Files (x86)\Bonjour

2009-02-26 19:19:15 ----D---- C:\Program Files (x86)\Warhammer 40.000 Dawn Of War II

2009-02-23 16:46:29 ----D---- C:\Program Files (x86)\Bethesda Softworks

2009-02-23 16:25:57 ----AD---- C:\autorun.inf

2009-02-22 11:08:14 ----D---- C:\Users\David Fuentes\AppData\Roaming\Malwarebytes

2009-02-22 11:08:09 ----D---- C:\ProgramData\Malwarebytes

2009-02-22 11:08:09 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2009-02-22 10:35:47 ----D---- C:\Program Files (x86)\Virtual Earth 3D

2009-02-22 10:25:05 ----D---- C:\ProgramData\WindowsSearch

2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvwgf2um.dll

2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvoglv32.dll

2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvd3dum.dll

2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvcuvid.dll

2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvcuda.dll

2009-02-18 14:44:00 ----A---- C:\Windows\system32\nvapi.dll

2009-02-15 15:53:31 ----D---- C:\Windows\Sun

2009-02-15 15:13:23 ----HD---- C:\Users\David Fuentes\AppData\Roaming\ACV

2009-02-14 23:46:54 ----A---- C:\Windows\system32\javaws.exe

2009-02-14 23:46:54 ----A---- C:\Windows\system32\javaw.exe

2009-02-14 23:46:54 ----A---- C:\Windows\system32\java.exe

2009-02-14 23:46:54 ----A---- C:\Windows\system32\deploytk.dll

2009-02-14 23:46:47 ----D---- C:\Program Files (x86)\Java

2009-02-12 20:49:30 ----A---- C:\Windows\system32\EncDec.dll

2009-02-12 20:49:29 ----A---- C:\Windows\system32\psisdecd.dll

2009-02-10 20:53:27 ----D---- C:\Windows\system32\AGEIA

2009-02-10 20:53:27 ----D---- C:\Program Files (x86)\AGEIA Technologies

2009-02-09 22:55:17 ----D---- C:\Program Files (x86)\OCCT

 

======List of files/folders modified in the last 1 months======

 

2009-03-07 22:21:07 ----D---- C:\Windows\Prefetch

2009-03-07 22:01:55 ----D---- C:\Windows\Temp

2009-03-07 05:25:24 ----SHD---- C:\System Volume Information

2009-03-06 23:51:24 ----D---- C:\Windows\Minidump

2009-03-06 23:51:24 ----D---- C:\Windows\Debug

2009-03-06 23:51:24 ----D---- C:\Windows

2009-03-06 20:46:31 ----D---- C:\Windows\System32

2009-03-06 20:42:32 ----D---- C:\Windows\inf

2009-03-06 01:08:55 ----D---- C:\Program Files (x86)\Steam

2009-03-05 23:34:08 ----RD---- C:\Program Files

2009-03-05 22:33:23 ----D---- C:\Users\David Fuentes\AppData\Roaming\Azureus

2009-03-05 15:03:44 ----HD---- C:\ProgramData

2009-03-05 15:03:33 ----RD---- C:\Program Files (x86)

2009-03-05 14:34:22 ----RSD---- C:\Windows\assembly

2009-03-05 14:33:55 ----D---- C:\Windows\Microsoft.NET

2009-03-05 14:33:40 ----SHD---- C:\Windows\Installer

2009-03-05 14:33:33 ----D---- C:\Program Files (x86)\Stardock

2009-03-04 21:33:54 ----D---- C:\Windows\SysWOW64

2009-03-04 15:04:24 ----SD---- C:\Windows\Downloaded Program Files

2009-03-04 11:10:53 ----D---- C:\Warhammer Online - Age of Reckoning

2009-03-04 09:14:52 ----D---- C:\ProgramData\NVIDIA

2009-03-04 09:04:29 ----D---- C:\ProgramData\InstallShield

2009-03-04 08:59:33 ----D---- C:\Program Files (x86)\Intel

2009-03-04 08:59:18 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2009-03-04 08:46:09 ----D---- C:\ProgramData\ma-config.com

2009-03-04 08:46:09 ----D---- C:\Program Files (x86)\ma-config.com

2009-03-04 00:03:07 ----D---- C:\Program Files (x86)\Curse

2009-03-03 20:53:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2009-03-03 20:52:54 ----D---- C:\Windows\system32\drivers

2009-03-03 16:39:18 ----SD---- C:\Users\David Fuentes\AppData\Roaming\Microsoft

2009-03-03 16:39:17 ----D---- C:\ProgramData\Microsoft Help

2009-03-03 13:38:47 ----D---- C:\Windows\rescache

2009-03-03 13:22:14 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-03-03 13:21:09 ----D---- C:\Windows\system32\fr-FR

2009-03-03 13:21:04 ----D---- C:\Windows\system32\XPSViewer

2009-03-03 13:21:01 ----D---- C:\Windows\system32\wbem

2009-03-03 13:21:01 ----D---- C:\Windows\system32\en-US

2009-03-03 13:20:45 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2009-03-03 13:19:23 ----D---- C:\Windows\winsxs

2009-03-03 10:08:08 ----D---- C:\Program Files (x86)\Vuze

2009-03-02 14:44:22 ----D---- C:\Users\David Fuentes\AppData\Roaming\Mozilla

2009-03-01 17:41:14 ----D---- C:\Program Files (x86)\Windows Live

2009-03-01 17:40:04 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

2009-02-22 05:36:40 ----RASH---- C:\BOOTSECT.BAK

2009-02-22 05:36:39 ----SHD---- C:\Boot

2009-02-21 21:12:15 ----SHD---- C:\$Recycle.Bin

2009-02-16 22:20:12 ----D---- C:\Users\David Fuentes\AppData\Roaming\Adobe

2009-02-15 14:11:15 ----D---- C:\ProgramData\Adobe

2009-02-15 14:11:05 ----D---- C:\Program Files (x86)\Common Files\Adobe

2009-02-15 14:11:05 ----D---- C:\Program Files (x86)\Adobe

2009-02-12 20:51:46 ----D---- C:\Windows\ehome

2009-02-12 20:49:47 ----D---- C:\Program Files (x86)\Windows Mail

2009-02-11 20:31:39 ----D---- C:\Windows\Tasks

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 ccHP;Symantec Hash Provider; \??\C:\Windows\system32\drivers\NISx64\1002000.007\ccHPx64.sys []

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-02-25 475696]

R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090303.001\IDSvia64.sys [2009-01-29 396848]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SRTSPX64.SYS []

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []

R1 SYMTDI;SYMTDI; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMTDI.SYS []

R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []

R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []

R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS []

R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys []

R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys []

R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS []

R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys []

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys []

R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys []

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 131632]

R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys []

R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090307.003\ENG64.SYS [2009-02-19 136752]

R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090307.003\EX64.SYS [2009-02-19 1461808]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []

R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys []

R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys []

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []

R3 SRTSP;Symantec Real Time Storage Protection x64; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SRTSP64.SYS []

R3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMDNS.SYS []

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []

R3 SYMFW;SYMFW; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMFW.SYS []

R3 SYMNDISV;SYMNDISV; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMNDISV.SYS []

R3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1002000.007\SYMREDRV.SYS []

R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys []

R3 VX6000;Microsoft LifeCam VX-6000; C:\Windows\system32\DRIVERS\VX6000Xp.sys []

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys []

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys []

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []

S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []

S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS []

S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS []

S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS []

S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS []

S3 driverhardwarev2x64;driverhardwarev2x64; \??\C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2009-01-24 15872]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys []

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []

S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys []

S3 WINUSB;Pilote WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]

R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-10-31 307200]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2008-08-04 261664]

R2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-05 115560]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-10 79360]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-20 651720]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]

S3 maconfservice;Ma-Config Service; C:\Program Files (x86)\ma-config.com\maconfservice.exe [2009-01-24 216232]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-02-04 316664]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

 

-----------------EOF-----------------

 

Pour info.txt

 

info.txt logfile of random's system information tool 1.05 2009-03-07 22:21:10

 

======Uninstall list======

 

-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c /remove

3Planesoft Screensaver Manager 1.2-->"C:\Program Files (x86)\3Planesoft Screensaver Manager\unins000.exe"

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Age of Conan : Hyborian Adventures-->"C:\Program Files (x86)\Funcom\Age of Conan\unins000.exe"

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Bioshock-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7670

CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Creative Console Launcher-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c /remove

Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x040c

Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}

DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Dutch Windmills 3D Screensaver 1.0-->"C:\Program Files (x86)\Dutch Windmills 3D Screensaver\unins000.exe"

EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe

Fallout 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x40c -removeonly

Fallout Mod Manager 0.9.9-->"C:\Program Files (x86)\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe"

Fantasy Wars-->"C:\Program Files (x86)\Nobilis\Fantasy Wars\unins000.exe"

Far Cry 2-->"C:\Program Files (x86)\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly

FTP Expert 3-->"C:\Program Files (x86)\Visicom Media\FTP Expert 3\uninst-ftp.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

Google SketchUp 6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly

Google SketchUp 6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly

HijackThis 2.0.2-->"C:\Users\David Fuentes\Desktop\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

IE7Pro-->C:\Program Files (x86)\IEPro\uninst.exe

Impulse-->"C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE

Impulse-->C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\Impulse_setup.exe

Installation Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

Java 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}

LaCie Backup Software v1.7.2893-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}

LaCie Ethernet Agent 1.1.0.6-->"C:\Program Files (x86)\LaCie\Ethernet Agent\unins000.exe"

Le Seigneur des anneaux Online : Les Mines de la Moria v02.01.0-->"C:\Program Files (x86)\Codemasters\Le Seigneur des anneaux Online\unins000.exe"

Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}

Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Mass Effect-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/17460

Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0}

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL

Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft WorldWide Telescope-->MsiExec.exe /I{E7A9DCC5-8D19-4B95-BED8-2DB41F920F11}

Mirror's Edge-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.2.0.7\InstStub.exe /X

NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}

OpenAL-->"C:\Program Files (x86)\OpenAL\OALInst.exe" /U

Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Panneau de configuration audio Creative-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove

PhysX Screen Saver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{300A470B-681B-449F-82AE-6D19114702CE}\Setup.exe" -l0x9

Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"

PlayNC Launcher-->C:\Program Files (x86)\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x040c -removeonly

Pocket Informant 8.51-->C:\Program Files (x86)\Pocket Informant\uninst.exe

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Requiem-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F9831B39-277F-4F53-BFB0-12DC90C4CB40}\setup.exe" -l0x9 -removeonly

Richard Garriott's Tabula Rasa-->C:\Program Files (x86)\InstallShield Installation Information\{59CAF9C7-3129-4F88-B6E8-B079EA6261C4}\Setup.exe -runfromtemp -l0x040c -removeonly

Sacred 2 - Fallen Angel-->"C:\Program Files (x86)\Deep Silver\Sacred 2 - Fallen Angel\unins000.exe"

Sins of a Solar Empire-->"C:\Program Files (x86)\Stardock Games\Sins of a Solar Empire\UninstHelper.exe" /autouninstall sin

SPORE-->"C:\Program Files (x86)\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly

Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"

Station Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{958AF490-810C-4D3E-AA82-EBA2CE41DA20}\setup.exe" -runfromtemp -l0x040c -removeonly

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Unofficial Fallout 3 Patch v1.0.0-->"C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Unofficial Fallout 3 Patch\unins000.exe"

VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe

Warhammer Online: Age of Reckoning-->"C:\Warhammer Online - Age of Reckoning\unins000.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

X3: Terran Conflict-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/2820

Xvid 1.2.1 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe"

 

=====HijackThis Backups=====

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: Norton Internet Security

FW: Norton Internet Security

AS: Spybot - Search and Destroy (disabled)

AS: Windows Defender (disabled)

AS: Norton Internet Security

 

System event log

 

Computer Name: DavidFuentes

Event Code: 7036

Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté.

Record Number: 44098

Source Name: Service Control Manager

Time Written: 20090307181341.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 26

Message: Application popup : opera.exe - Composant introuvable : Cette application n'a pas pu démarrer car MSVCR71.dll est introuvable. La réinstallation de cette application peut corriger ce problème.

Record Number: 44099

Source Name: Application Popup

Time Written: 20090307194435.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 7036

Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution.

Record Number: 44100

Source Name: Service Control Manager

Time Written: 20090307194814.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 7036

Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté.

Record Number: 44101

Source Name: Service Control Manager

Time Written: 20090307200444.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 7036

Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution.

Record Number: 44102

Source Name: Service Control Manager

Time Written: 20090307211817.000000-000

Event Type: Information

User:

 

Application event log

 

Computer Name: DavidFuentes

Event Code: 8224

Message: Le service VSS s’arrête, car le délai d’inactivité est dépassé.

Record Number: 5898

Source Name: VSS

Time Written: 20090307042510.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 1005

Message: Les données du Programme d’amélioration de l’expérience utilisateur Windows ont été regroupées dans des fichiers qui seront envoyés à Microsoft pour analyse. Ces fichiers ne sont envoyés que si l’utilisateur joint le Programme d’amélioration de l’expérience utilisateur Windows.

Record Number: 5899

Source Name: Microsoft-Windows-CEIP

Time Written: 20090307060001.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 1007

Message: Les données du Programme d’amélioration des services ont été correctement envoyées à Microsoft.

Record Number: 5900

Source Name: Microsoft-Windows-CEIP

Time Written: 20090307061119.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 32

Message: Le magasin C:\Users\David Fuentes\AppData\Local\Microsoft\Outlook\davidfuentes_hotmail.ost a détecté un point de contrôle.

Record Number: 5901

Source Name: Outlook

Time Written: 20090307211807.000000-000

Event Type: Information

User:

 

Computer Name: DavidFuentes

Event Code: 32

Message: Le magasin C:\Users\David Fuentes\AppData\Local\Microsoft\Outlook\Outlook.pst a détecté un point de contrôle.

Record Number: 5902

Source Name: Outlook

Time Written: 20090307211808.000000-000

Event Type: Information

User:

 

Security event log

 

Computer Name: DavidFuentes

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : DAVIDFUENTES$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

 

Informations sur le processus :

ID du processus : 0x2cc

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Adresse du réseau : -

Port : -

 

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 15048

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090307042121.737745-000

Event Type: Succès de l'audit

User:

 

Computer Name: DavidFuentes

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : DAVIDFUENTES$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Type d’ouverture de session : 5

 

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Informations sur le processus :

ID du processus : 0x2cc

Nom du processus : C:\Windows\System32\services.exe

 

Informations sur le réseau :

Nom de la station de travail :

Adresse du réseau source : -

Port source : -

 

Informations détaillées sur l’authentification :

Processus d’ouverture de session : Advapi

Package d’authentification : Negotiate

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

 

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

 

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

 

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

 

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

 

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

 

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 15049

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090307042121.737745-000

Event Type: Succès de l'audit

User:

 

Computer Name: DavidFuentes

Event Code: 4672

Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

 

Privilèges : SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 15050

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090307042121.737745-000

Event Type: Succès de l'audit

User:

 

Computer Name: DavidFuentes

Event Code: 4904

Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : DAVIDFUENTES$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Processus :

ID du processus : 0x6bc

Nom du processus : C:\Windows\System32\VSSVC.exe

 

Source de l’événement :

Nom de la source : VSSAudit

ID de la source de l’événement : 0x38e5d0f

Record Number: 15051

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090307042210.175245-000

Event Type: Succès de l'audit

User:

 

Computer Name: DavidFuentes

Event Code: 4905

Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : DAVIDFUENTES$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Processus :

ID du processus : 0x6bc

Nom du processus : C:\Windows\System32\VSSVC.exe

 

Source de l’événement :

Nom de la source : VSSAudit

ID de la source de l’événement : 0x38e5d0f

Record Number: 15052

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090307042210.190870-000

Event Type: Succès de l'audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

"HellgateEnv"=C:\Program Files\Flagship Studios\Hellgate London\

 

-----------------EOF-----------------

Lien vers le commentaire
Partager sur d’autres sites

Ok, on va faire des travaux. :P

 

Ta clé USB est sans doute infectée (gaffe, et elle a pu contaminer d'autres machines). Ne l'utilise pas pour le moment.

 

Désactive l'UAC avant ce qui suit (elle semble déjà désactivée, mais c'est à vérifier).

* Démarrer > Panneau de Configuration

* Double clique sur l'icône Comptes d'utilisateurs

* Clique ensuite sur le lien pour Désactiver le contrôle des utilisateurs et valide.

 

Télécharge ce fichier reg :

http://senduit.com/0d0f09

Double clique dessus pour l'ajouter au registre et confirme.

 

 

Télécharge OTMoveIt3 par OldTimer.

  • Enregistre ce fichier sur le Bureau.
  • Fais un double clic sur OTMoveIt3.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  • Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
    :processes
    explorer.exe 
    :files
    C:\Windows\SysWOW64
    C:\autorun.inf
    :commands
    [start explorer]


  • Retourne dans la fenêtre de OTMoveIt3, fais un clic droit dans la zone de gauche intitulée "Paste List Of Files/Folders to Move" (sous la barre jaune) puis choisir Coller.
  • Clique sur le bouton rouge Moveit!.
  • Ferme OTMoveIt3
  • Poste dans ta prochaine réponse le rapport de OTMoveIt3 (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

Lien vers le commentaire
Partager sur d’autres sites

Voilà le rapport :

 

========== PROCESSES ==========

Unable to kill process: explorer.exe

========== FILES ==========

C:\Windows\SysWOW64\zh-TW moved successfully.

C:\Windows\SysWOW64\zh-HK moved successfully.

C:\Windows\SysWOW64\zh-CN moved successfully.

C:\Windows\SysWOW64\XPSViewer\fr-FR moved successfully.

C:\Windows\SysWOW64\XPSViewer\en-US moved successfully.

C:\Windows\SysWOW64\XPSViewer moved successfully.

C:\Windows\SysWOW64\xlive moved successfully.

C:\Windows\SysWOW64\winrm\040C moved successfully.

C:\Windows\SysWOW64\winrm moved successfully.

C:\Windows\SysWOW64\WCN\fr-FR moved successfully.

C:\Windows\SysWOW64\WCN moved successfully.

C:\Windows\SysWOW64\wbem\xml moved successfully.

C:\Windows\SysWOW64\wbem\tmf moved successfully.

C:\Windows\SysWOW64\wbem\Repository moved successfully.

C:\Windows\SysWOW64\wbem\Logs moved successfully.

C:\Windows\SysWOW64\wbem\fr-FR moved successfully.

C:\Windows\SysWOW64\wbem\AutoRecover moved successfully.

Folder move failed. C:\Windows\SysWOW64\wbem scheduled to be moved on reboot.

C:\Windows\SysWOW64\URTTEMP moved successfully.

C:\Windows\SysWOW64\uk-UA moved successfully.

C:\Windows\SysWOW64\tr-TR moved successfully.

C:\Windows\SysWOW64\th-TH moved successfully.

C:\Windows\SysWOW64\Tasks\Microsoft\Windows\WindowsCalendar moved successfully.

C:\Windows\SysWOW64\Tasks\Microsoft\Windows\SyncCenter moved successfully.

C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA\System moved successfully.

C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA moved successfully.

C:\Windows\SysWOW64\Tasks\Microsoft\Windows moved successfully.

C:\Windows\SysWOW64\Tasks\Microsoft moved successfully.

C:\Windows\SysWOW64\Tasks moved successfully.

C:\Windows\SysWOW64\sysprep\fr-FR moved successfully.

Folder move failed. C:\Windows\SysWOW64\sysprep scheduled to be moved on reboot.

C:\Windows\SysWOW64\sv-SE moved successfully.

C:\Windows\SysWOW64\sr-Latn-CS moved successfully.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot.

C:\Windows\SysWOW64\Speech\Common moved successfully.

Folder move failed. C:\Windows\SysWOW64\Speech scheduled to be moved on reboot.

C:\Windows\SysWOW64\SLUI moved successfully.

C:\Windows\SysWOW64\slmgr\040C moved successfully.

C:\Windows\SysWOW64\slmgr moved successfully.

C:\Windows\SysWOW64\sl-SI moved successfully.

C:\Windows\SysWOW64\sk-SK moved successfully.

C:\Windows\SysWOW64\setup\fr-FR moved successfully.

Folder move failed. C:\Windows\SysWOW64\setup scheduled to be moved on reboot.

C:\Windows\SysWOW64\ru-RU moved successfully.

C:\Windows\SysWOW64\ro-RO moved successfully.

C:\Windows\SysWOW64\restore moved successfully.

C:\Windows\SysWOW64\ras moved successfully.

C:\Windows\SysWOW64\pt-PT moved successfully.

C:\Windows\SysWOW64\pt-BR moved successfully.

C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR moved successfully.

C:\Windows\SysWOW64\Printing_Admin_Scripts moved successfully.

C:\Windows\SysWOW64\pl-PL moved successfully.

C:\Windows\SysWOW64\oobe\fr-FR moved successfully.

Folder move failed. C:\Windows\SysWOW64\oobe scheduled to be moved on reboot.

C:\Windows\SysWOW64\nl-NL moved successfully.

C:\Windows\SysWOW64\networklist\icons\StockIcons moved successfully.

C:\Windows\SysWOW64\networklist\icons moved successfully.

C:\Windows\SysWOW64\networklist moved successfully.

C:\Windows\SysWOW64\NDF moved successfully.

C:\Windows\SysWOW64\nb-NO moved successfully.

C:\Windows\SysWOW64\MUI\dispspec moved successfully.

C:\Windows\SysWOW64\MUI\040C moved successfully.

C:\Windows\SysWOW64\MUI\0409 moved successfully.

C:\Windows\SysWOW64\MUI moved successfully.

C:\Windows\SysWOW64\Msdtc\Trace moved successfully.

C:\Windows\SysWOW64\Msdtc moved successfully.

C:\Windows\SysWOW64\migwiz\fr-FR moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-WMI-Core moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Unimodem-Config moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TapiSetup moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Sxs moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-StorageMigration moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-shmig-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasServer-MigPlugin moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasApi moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-PerformanceCounterInfrastructure-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkLoadBalancing-Core moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NDIS moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer-DRM-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-MediaPlayer moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IE-ESC moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IasServer-MigPlugin moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DHCPServerMigPlugin-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL moved successfully.

C:\Windows\SysWOW64\migwiz\dlmanifests\BITSExtensions-Server moved successfully.

Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migwiz scheduled to be moved on reboot.

C:\Windows\SysWOW64\migration\fr-FR moved successfully.

Folder move failed. C:\Windows\SysWOW64\migration scheduled to be moved on reboot.

C:\Windows\SysWOW64\manifeststore moved successfully.

Folder move failed. C:\Windows\SysWOW64\Macromed\Flash scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Macromed scheduled to be moved on reboot.

C:\Windows\SysWOW64\lv-LV moved successfully.

C:\Windows\SysWOW64\lt-LT moved successfully.

C:\Windows\SysWOW64\LogFiles\Firewall moved successfully.

C:\Windows\SysWOW64\LogFiles moved successfully.

C:\Windows\SysWOW64\licensing\ppdlic moved successfully.

C:\Windows\SysWOW64\licensing\pkeyconfig moved successfully.

C:\Windows\SysWOW64\licensing\issuance moved successfully.

C:\Windows\SysWOW64\licensing\identity moved successfully.

C:\Windows\SysWOW64\licensing\channels\OCUR moved successfully.

C:\Windows\SysWOW64\licensing\channels moved successfully.

C:\Windows\SysWOW64\licensing moved successfully.

C:\Windows\SysWOW64\ko-KR moved successfully.

C:\Windows\SysWOW64\ja-JP moved successfully.

C:\Windows\SysWOW64\it-IT moved successfully.

C:\Windows\SysWOW64\IOSUBSYS moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0c0c moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0816 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0804 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0416 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\040c moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0404 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\002d moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0024 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0021 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\001f moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\001e moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\001d moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\001b moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\001a moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0019 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0015 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0014 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0013 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0012 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0011 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0010 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\000e moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\000b moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\000a moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0009 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0008 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0007 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0006 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0005 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir\0003 moved successfully.

C:\Windows\SysWOW64\InstallShield\setupdir moved successfully.

Folder move failed. C:\Windows\SysWOW64\InstallShield scheduled to be moved on reboot.

C:\Windows\SysWOW64\inetsrv moved successfully.

C:\Windows\SysWOW64\IME\SHARED\res moved successfully.

Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot.

C:\Windows\SysWOW64\IME\IMETC10\applets moved successfully.

Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot.

C:\Windows\SysWOW64\IME\IMESC5\applets moved successfully.

Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot.

C:\Windows\SysWOW64\IME\imekr8\dicts moved successfully.

C:\Windows\SysWOW64\IME\imekr8\applets moved successfully.

Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot.

C:\Windows\SysWOW64\IME\IMEJP10\APPLETS moved successfully.

Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\icsxml scheduled to be moved on reboot.

C:\Windows\SysWOW64\ias moved successfully.

C:\Windows\SysWOW64\hu-HU moved successfully.

C:\Windows\SysWOW64\hr-HR moved successfully.

C:\Windows\SysWOW64\he-IL moved successfully.

C:\Windows\SysWOW64\GroupPolicyUsers moved successfully.

C:\Windows\SysWOW64\GroupPolicy moved successfully.

C:\Windows\SysWOW64\FxsTmp moved successfully.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR scheduled to be moved on reboot.

C:\Windows\SysWOW64\fr moved successfully.

C:\Windows\SysWOW64\fi-FI moved successfully.

C:\Windows\SysWOW64\et-EE moved successfully.

C:\Windows\SysWOW64\es-ES moved successfully.

Folder move failed. C:\Windows\SysWOW64\en-US scheduled to be moved on reboot.

C:\Windows\SysWOW64\el-GR moved successfully.

Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\driverstore scheduled to be moved on reboot.

C:\Windows\SysWOW64\drivers\UMDF\fr-FR moved successfully.

C:\Windows\SysWOW64\drivers\UMDF moved successfully.

C:\Windows\SysWOW64\drivers\fr-FR moved successfully.

C:\Windows\SysWOW64\drivers moved successfully.

C:\Windows\SysWOW64\de-DE moved successfully.

Folder move failed. C:\Windows\SysWOW64\Data scheduled to be moved on reboot.

C:\Windows\SysWOW64\da-DK moved successfully.

C:\Windows\SysWOW64\cs-CZ moved successfully.

C:\Windows\SysWOW64\config\TxR moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My moved successfully.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIS8C71T moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIFZG1IP moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LUEGZPT moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UTCUAU2 moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local moved successfully.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot.

C:\Windows\SysWOW64\config\RegBack moved successfully.

C:\Windows\SysWOW64\config\Journal moved successfully.

Folder move failed. C:\Windows\SysWOW64\config scheduled to be moved on reboot.

C:\Windows\SysWOW64\com\fr-FR moved successfully.

C:\Windows\SysWOW64\com\dmp moved successfully.

Folder move failed. C:\Windows\SysWOW64\com scheduled to be moved on reboot.

C:\Windows\SysWOW64\Branding\fr-FR moved successfully.

C:\Windows\SysWOW64\Branding moved successfully.

C:\Windows\SysWOW64\bg-BG moved successfully.

C:\Windows\SysWOW64\ar-SA moved successfully.

C:\Windows\SysWOW64\AGEIA\AG1021 moved successfully.

C:\Windows\SysWOW64\AGEIA\AG1011 moved successfully.

C:\Windows\SysWOW64\AGEIA moved successfully.

Folder move failed. C:\Windows\SysWOW64\AdvancedInstallers scheduled to be moved on reboot.

C:\Windows\SysWOW64\3Planesoft\Screensaver Manager\Data moved successfully.

C:\Windows\SysWOW64\3Planesoft\Screensaver Manager moved successfully.

C:\Windows\SysWOW64\3Planesoft moved successfully.

C:\Windows\SysWOW64\040C moved successfully.

Folder move failed. C:\Windows\SysWOW64 scheduled to be moved on reboot.

C:\autorun.inf moved successfully.

========== COMMANDS ==========

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03082009_101630

 

Files moved on Reboot...

C:\Windows\SysWOW64\wbem\Logs moved successfully.

Folder move failed. C:\Windows\SysWOW64\wbem scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\sysprep scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\setup scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\oobe scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migwiz scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migration scheduled to be moved on reboot.

C:\Windows\SysWOW64\Macromed\Flash moved successfully.

C:\Windows\SysWOW64\Macromed moved successfully.

Folder move failed. C:\Windows\SysWOW64\InstallShield scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\icsxml scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR scheduled to be moved on reboot.

C:\Windows\SysWOW64\en-US moved successfully.

Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\driverstore scheduled to be moved on reboot.

C:\Windows\SysWOW64\Data moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My moved successfully.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft moved successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow moved successfully.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\com scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\AdvancedInstallers scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\wbem scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\sysprep scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\SpeechUX scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines\SR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech\Engines scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\Speech scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\setup scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\oobe scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migwiz\dlmanifests scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migwiz scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\migration scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\InstallShield scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\SHARED scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMETC10 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMESC5 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\imekr8 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME\IMEJP10 scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\IME scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\icsxml scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\_Default scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\OEM scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\UltimateN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Starter scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremiumN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomePremium scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasicN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\HomeBasic scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\EnterpriseN scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\Enterprise scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\businessn scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval\business scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses\eval scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR\Licenses scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\driverstore\fr-FR scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\driverstore scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config\systemprofile scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\config scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\com scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64\AdvancedInstallers scheduled to be moved on reboot.

Folder move failed. C:\Windows\SysWOW64 scheduled to be moved on reboot.

Lien vers le commentaire
Partager sur d’autres sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

 Share

  • En ligne récemment   0 membre est en ligne

    Aucun utilisateur enregistré regarde cette page.

×
×
  • Créer...