A voir également:
- Probleme menu contextuel
- Windows 11 menu contextuel classique - Guide
- Menu déroulant excel - Guide
- Windows 11 menu démarrer classique - Guide
- Réinitialiser menu démarrer windows 10 - Guide
- Canon quick menu - Télécharger - Utilitaires
37 réponses
Utilisateur anonyme
13 juil. 2009 à 15:26
13 juil. 2009 à 15:26
salut :
*****************************************************
************** Option 1 (Recherche) **************
*****************************************************
Télécharge FindyKill (de Chiquitine29 et C_XX) sur ton bureau :
! Déconnecte toi et ferme toutes applications en cours !
* Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
* Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .
* Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
* Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
Laisse travailler l'outil et ne touche à rien ...
--> Poste le rapport qui apparait à la fin , sur le forum ...
( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
*****************************************************
************** Option 1 (Recherche) **************
*****************************************************
Télécharge FindyKill (de Chiquitine29 et C_XX) sur ton bureau :
! Déconnecte toi et ferme toutes applications en cours !
* Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
* Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .
* Au menu principal choisis l'option " F " pour français et tape sur [entrée] .
* Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]
Laisse travailler l'outil et ne touche à rien ...
--> Poste le rapport qui apparait à la fin , sur le forum ...
( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
13 juil. 2009 à 17:18
13 juil. 2009 à 17:18
Merci de suvre mon problème.
Ci dessous le rapport
############################## | FindyKill V6.005 |
# User : Jeff (Administrateurs) # JF-7A2AFBB7F80F
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 17:15:02 | 13/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 298,08 Go (271,38 Go free) # NTFS
# D:\ # Disque fixe local # 189,92 Go (17,6 Go free) [Donnees] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM # 542,71 Mo (0 Mo free) [TD3003401] # CDFS
# H:\ # Disque fixe local # 465,7 Go (137,5 Go free) [DISK MEMUP] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INVISI~1\invtray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Registre Startup |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
R1 - HKCU\..\Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Jeff"
F2 - HKLM\..\logon:"AltDefaultUserName"="Jeff"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: RTHDCPL=RTHDCPL.EXE
04 - HKLM\..\Run: SkyTel=SkyTel.EXE
04 - HKLM\..\Run: Alcmtr=ALCMTR.EXE
04 - HKLM\..\Run: Matrox PowerDesk SE="C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
04 - HKLM\..\Run: HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
04 - HKLM\..\Run: ImgTask=C:\WINDOWS\Imgtask.exe
04 - HKLM\..\Run: QAGENT=C:\Program Files\QUICKENW\QAGENT.EXE
04 - HKLM\..\Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run: avgnt="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run: ChangeFilterMerit=C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
04 - HKLM\..\Run: Presto! PVR Monitor=C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run: Invisible Secrets 4=C:\PROGRA~1\INVISI~1\invtray.exe
04 - HKCU\..\Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
04 - HKCU\..\Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## | Fichiers # Dossiers infectieux |
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-238AA5EF.pf
################## | C:\Documents and Settings\Jeff\Temporary Internet Files |
################## | All Drives ... |
Présent ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\ClnBBear.com
Présent ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixWEvar.com
Présent ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixYaha.com
H:\autorun.inf # -> fichier appelé : "H:\sxs.exe" ( Absent ! )
Présent ! H:\autorun.inf [ff0724c80d3022bbd18b1785563abe96]
################## | Registre # Clés Run infectieuses |
Présent ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{39e494f1-c7da-11dd-9349-001d7d925661}
Shell\AutoRun\command =sxs.exe
Shell\explore\Command =sxs.exe
Shell\open\Command =sxs.exe
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.005 ! |
Ci dessous le rapport
############################## | FindyKill V6.005 |
# User : Jeff (Administrateurs) # JF-7A2AFBB7F80F
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 17:15:02 | 13/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 298,08 Go (271,38 Go free) # NTFS
# D:\ # Disque fixe local # 189,92 Go (17,6 Go free) [Donnees] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM # 542,71 Mo (0 Mo free) [TD3003401] # CDFS
# H:\ # Disque fixe local # 465,7 Go (137,5 Go free) [DISK MEMUP] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INVISI~1\invtray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Registre Startup |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
R1 - HKCU\..\Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Jeff"
F2 - HKLM\..\logon:"AltDefaultUserName"="Jeff"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: RTHDCPL=RTHDCPL.EXE
04 - HKLM\..\Run: SkyTel=SkyTel.EXE
04 - HKLM\..\Run: Alcmtr=ALCMTR.EXE
04 - HKLM\..\Run: Matrox PowerDesk SE="C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
04 - HKLM\..\Run: HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
04 - HKLM\..\Run: ImgTask=C:\WINDOWS\Imgtask.exe
04 - HKLM\..\Run: QAGENT=C:\Program Files\QUICKENW\QAGENT.EXE
04 - HKLM\..\Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run: avgnt="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run: ChangeFilterMerit=C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
04 - HKLM\..\Run: Presto! PVR Monitor=C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run: Invisible Secrets 4=C:\PROGRA~1\INVISI~1\invtray.exe
04 - HKCU\..\Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
04 - HKCU\..\Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## | Fichiers # Dossiers infectieux |
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-238AA5EF.pf
################## | C:\Documents and Settings\Jeff\Temporary Internet Files |
################## | All Drives ... |
Présent ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\ClnBBear.com
Présent ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixWEvar.com
Présent ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixYaha.com
H:\autorun.inf # -> fichier appelé : "H:\sxs.exe" ( Absent ! )
Présent ! H:\autorun.inf [ff0724c80d3022bbd18b1785563abe96]
################## | Registre # Clés Run infectieuses |
Présent ! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{39e494f1-c7da-11dd-9349-001d7d925661}
Shell\AutoRun\command =sxs.exe
Shell\explore\Command =sxs.exe
Shell\open\Command =sxs.exe
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.005 ! |
Utilisateur anonyme
13 juil. 2009 à 17:19
13 juil. 2009 à 17:19
*****************************************************
************* Option 2 (Suppression) *************
*****************************************************
! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
* Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .
* Au second menu choisis l'option 2 (suppression) et tape sur [entrée]
* Le pc va redémarrer automatiquement ...
--> le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !
* Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
************* Option 2 (Suppression) *************
*****************************************************
! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
* Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .
* Au second menu choisis l'option 2 (suppression) et tape sur [entrée]
* Le pc va redémarrer automatiquement ...
--> le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !
* Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
13 juil. 2009 à 18:09
13 juil. 2009 à 18:09
rebonjour,
j'ai nettoyé avec l'option 2, ca a l'air bon, le menu du disque externe est redevenu normal.
ci joint le rapport.
y a t il d'autres manips à faire!?
Merci pae avance.
############################## | FindyKill V6.005 |
# User : Jeff (Administrateurs) # JF-7A2AFBB7F80F
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 17:43:48 | 13/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 298,08 Go (271,41 Go free) # NTFS
# D:\ # Disque fixe local # 189,92 Go (17,57 Go free) [Donnees] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM # 542,71 Mo (0 Mo free) [TD3003401] # CDFS
# H:\ # Disque fixe local # 465,7 Go (137,5 Go free) [DISK MEMUP] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\Prefetch\MDELK.EXE-238AA5EF.pf
################## | C:\Documents and Settings\Jeff\Temporary Internet Files |
################## | All Drives ... |
Supprimé ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\ClnBBear.com
Supprimé ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixWEvar.com
Supprimé ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixYaha.com
H:\autorun.inf # -> fichier appelé : "H:\sxs.exe" ( Absent ! )
Supprimé ! H:\autorun.inf
################## | Autres ... |
################## | Registre # Clés Run infectieuses |
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
################## | Listing des fichiers présent |
[08/12/2008 21:47|--a------|0] - C:\AUTOEXEC.BAT
[08/12/2008 21:54|-r-hs----|224] - C:\boot.ini
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[08/12/2008 21:47|--a------|0] - C:\CONFIG.SYS
[08/12/2008 21:55|--a------|206] - C:\csb.log
[16/04/2009 20:13|--a------|6089] - C:\dir.html
[05/05/2009 21:26|--a------|1208] - C:\enfants.txt
[05/05/2009 22:17|--a------|2333] - C:\films.txt
[13/07/2009 18:02|--a------|3671] - C:\FindyKill.txt
[13/07/2009 15:00|--a------|1779] - C:\fixnavi.txt
[08/12/2008 21:47|-rahs----|0] - C:\IO.SYS
[08/12/2008 21:47|-rahs----|0] - C:\MSDOS.SYS
[05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
[09/12/2008 08:45|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[08/12/2008 21:55|--a------|423] - C:\RHDSetup.log
[29/12/2003 00:38|--a------|0] - D:\AUTOEXEC.BAT
[29/12/2003 00:38|--a------|0] - D:\CONFIG.SYS
[08/12/2008 08:20|--a------|86] - D:\CSB.LOG
[14/07/2008 18:59|--a------|1316] - D:\Gulli - 08-07-2008 11h33 1h.ts
[24/04/2004 14:46|--a------|199739] - D:\Image2.psp
[29/12/2003 00:38|-rahs----|0] - D:\IO.SYS
[29/12/2003 00:38|-rahs----|0] - D:\MSDOS.SYS
[21/10/2004 17:04|--a------|980992] - D:\oggcodecs.msi
[07/12/2008 19:40|--a------|23] - D:\Q3.DIR
[08/12/2008 08:22|--a------|423] - D:\RHDSetup.log
[20/02/2005 01:43|--ahs----|8704] - D:\Thumbs.db
[08/06/2008 23:00|--a------|52259440] - D:\TMC - 04-06-2008 17h14 3h.ts
[10/02/2007 14:29|-r-------|2225] - F:\CONFIG.LOG
[08/03/2006 09:48|-r-------|628011] - F:\DB_DWNL.OUT
[10/03/2006 05:57|-r-------|6174414] - F:\DCN.CAT
[10/03/2006 05:58|-r-------|71842209] - F:\FRANC.DEG
[08/03/2006 20:10|-r-------|14935457] - F:\FRANC002.DEG
[10/03/2006 05:58|-r-------|995328] - F:\FRANC002.DPL
[10/03/2006 05:59|-r-------|20297438] - F:\FRANC002.DRL
[08/03/2006 20:09|-r-------|1022653] - F:\FRANC100.DEG
[10/03/2006 05:58|-r-------|3888] - F:\FRANC100.DPL
[10/03/2006 05:59|-r-------|5539274] - F:\FRANC100.DRL
[10/03/2006 05:59|-r-------|25714] - F:\FRANCCAT.POI
[10/02/2007 14:39|-r-------|13816803] - F:\FRANCDPA.LZW
[10/02/2007 14:39|-r-------|4280592] - F:\FRANCDSP.POI
[10/02/2007 14:39|-r-------|13015446] - F:\FRANCPOI.DAT
[10/02/2007 14:39|-r-------|537489] - F:\FRANCSAF.DSC
[10/02/2007 14:39|-r-------|451437] - F:\FRANCSAF.DST
[10/02/2007 14:39|-r-------|1086164] - F:\FRANCSAU.DSC
[10/02/2007 14:39|-r-------|1791440] - F:\FRANCSAU.DST
[10/02/2007 14:39|-r-------|2172940] - F:\FRANCSCC.DST
[10/03/2006 05:59|-r-------|71016] - F:\FRANCSCC.IMP
[10/02/2007 14:39|-r-------|480352] - F:\FRANCSEM.DSC
[10/02/2007 14:39|-r-------|369950] - F:\FRANCSEM.DST
[10/02/2007 14:39|-r-------|1944426] - F:\FRANCSHR.DSC
[10/02/2007 14:39|-r-------|2232930] - F:\FRANCSHR.DST
[10/02/2007 14:39|-r-------|172941] - F:\FRANCSSH.DSC
[10/02/2007 14:39|-r-------|180026] - F:\FRANCSSH.DST
[10/02/2007 14:39|-r-------|590393] - F:\FRANCSSP.DSC
[10/02/2007 14:39|-r-------|520870] - F:\FRANCSSP.DST
[10/02/2007 14:39|-r-------|6304586] - F:\FRANCSTR.DSC
[10/02/2007 14:39|-r-------|8930201] - F:\FRANCSTR.DST
[10/02/2007 14:39|-r-------|660943] - F:\FRANCSTU.DSC
[10/02/2007 14:39|-r-------|540764] - F:\FRANCSTU.DST
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_DA.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_DE.POI
[10/03/2006 05:28|-r-------|226495668] - F:\FRANC_DET.DRS
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_ES.POI
[10/03/2006 05:56|-r-------|1105920] - F:\FRANC_EX.DPS
[10/03/2006 05:56|-r-------|20864572] - F:\FRANC_EX.DSS
[10/03/2006 05:57|-r-------|5838144] - F:\FRANC_EX.RID
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_FR.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_IT.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_NL.POI
[10/02/2007 14:38|-r-------|16683115] - F:\FRANC_NOMSERV.DAT
[08/03/2006 15:37|-r-------|575768] - F:\FRANC_NV.DAT
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_PO.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_SW.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_UK.POI
[10/02/2007 14:39|-r-------|414898] - F:\GRUPPO_2.DAT
[10/02/2007 14:39|-r-------|728847] - F:\GUIDA_CHAMPERARD.POI
[08/03/2006 16:40|-r-------|402467] - F:\SCITTANAME.DAT
[06/03/2006 15:17|-r-------|86] - F:\SIF.VER
[06/03/2006 15:17|-r-------|4] - F:\SW_VER.DAT
[16/04/2009 20:12|--a------|416190] - H:\DirLister_setup.exe
[27/12/2008 17:55|--a------|22148280] - H:\antivir_workstation_winu_fr_h.exe
[30/07/2008 10:45|--a------|9501920] - H:\vlc-0.8.6i-win32.exe
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# H:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.005 ! |
j'ai nettoyé avec l'option 2, ca a l'air bon, le menu du disque externe est redevenu normal.
ci joint le rapport.
y a t il d'autres manips à faire!?
Merci pae avance.
############################## | FindyKill V6.005 |
# User : Jeff (Administrateurs) # JF-7A2AFBB7F80F
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 17:43:48 | 13/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 298,08 Go (271,41 Go free) # NTFS
# D:\ # Disque fixe local # 189,92 Go (17,57 Go free) [Donnees] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM # 542,71 Mo (0 Mo free) [TD3003401] # CDFS
# H:\ # Disque fixe local # 465,7 Go (137,5 Go free) [DISK MEMUP] # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\Prefetch\MDELK.EXE-238AA5EF.pf
################## | C:\Documents and Settings\Jeff\Temporary Internet Files |
################## | All Drives ... |
Supprimé ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\ClnBBear.com
Supprimé ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixWEvar.com
Supprimé ! D:\recycler\S-1-5-21-1060284298-842925246-682003330-1003\Dd136\FixYaha.com
H:\autorun.inf # -> fichier appelé : "H:\sxs.exe" ( Absent ! )
Supprimé ! H:\autorun.inf
################## | Autres ... |
################## | Registre # Clés Run infectieuses |
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
################## | Listing des fichiers présent |
[08/12/2008 21:47|--a------|0] - C:\AUTOEXEC.BAT
[08/12/2008 21:54|-r-hs----|224] - C:\boot.ini
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[08/12/2008 21:47|--a------|0] - C:\CONFIG.SYS
[08/12/2008 21:55|--a------|206] - C:\csb.log
[16/04/2009 20:13|--a------|6089] - C:\dir.html
[05/05/2009 21:26|--a------|1208] - C:\enfants.txt
[05/05/2009 22:17|--a------|2333] - C:\films.txt
[13/07/2009 18:02|--a------|3671] - C:\FindyKill.txt
[13/07/2009 15:00|--a------|1779] - C:\fixnavi.txt
[08/12/2008 21:47|-rahs----|0] - C:\IO.SYS
[08/12/2008 21:47|-rahs----|0] - C:\MSDOS.SYS
[05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
[09/12/2008 08:45|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[08/12/2008 21:55|--a------|423] - C:\RHDSetup.log
[29/12/2003 00:38|--a------|0] - D:\AUTOEXEC.BAT
[29/12/2003 00:38|--a------|0] - D:\CONFIG.SYS
[08/12/2008 08:20|--a------|86] - D:\CSB.LOG
[14/07/2008 18:59|--a------|1316] - D:\Gulli - 08-07-2008 11h33 1h.ts
[24/04/2004 14:46|--a------|199739] - D:\Image2.psp
[29/12/2003 00:38|-rahs----|0] - D:\IO.SYS
[29/12/2003 00:38|-rahs----|0] - D:\MSDOS.SYS
[21/10/2004 17:04|--a------|980992] - D:\oggcodecs.msi
[07/12/2008 19:40|--a------|23] - D:\Q3.DIR
[08/12/2008 08:22|--a------|423] - D:\RHDSetup.log
[20/02/2005 01:43|--ahs----|8704] - D:\Thumbs.db
[08/06/2008 23:00|--a------|52259440] - D:\TMC - 04-06-2008 17h14 3h.ts
[10/02/2007 14:29|-r-------|2225] - F:\CONFIG.LOG
[08/03/2006 09:48|-r-------|628011] - F:\DB_DWNL.OUT
[10/03/2006 05:57|-r-------|6174414] - F:\DCN.CAT
[10/03/2006 05:58|-r-------|71842209] - F:\FRANC.DEG
[08/03/2006 20:10|-r-------|14935457] - F:\FRANC002.DEG
[10/03/2006 05:58|-r-------|995328] - F:\FRANC002.DPL
[10/03/2006 05:59|-r-------|20297438] - F:\FRANC002.DRL
[08/03/2006 20:09|-r-------|1022653] - F:\FRANC100.DEG
[10/03/2006 05:58|-r-------|3888] - F:\FRANC100.DPL
[10/03/2006 05:59|-r-------|5539274] - F:\FRANC100.DRL
[10/03/2006 05:59|-r-------|25714] - F:\FRANCCAT.POI
[10/02/2007 14:39|-r-------|13816803] - F:\FRANCDPA.LZW
[10/02/2007 14:39|-r-------|4280592] - F:\FRANCDSP.POI
[10/02/2007 14:39|-r-------|13015446] - F:\FRANCPOI.DAT
[10/02/2007 14:39|-r-------|537489] - F:\FRANCSAF.DSC
[10/02/2007 14:39|-r-------|451437] - F:\FRANCSAF.DST
[10/02/2007 14:39|-r-------|1086164] - F:\FRANCSAU.DSC
[10/02/2007 14:39|-r-------|1791440] - F:\FRANCSAU.DST
[10/02/2007 14:39|-r-------|2172940] - F:\FRANCSCC.DST
[10/03/2006 05:59|-r-------|71016] - F:\FRANCSCC.IMP
[10/02/2007 14:39|-r-------|480352] - F:\FRANCSEM.DSC
[10/02/2007 14:39|-r-------|369950] - F:\FRANCSEM.DST
[10/02/2007 14:39|-r-------|1944426] - F:\FRANCSHR.DSC
[10/02/2007 14:39|-r-------|2232930] - F:\FRANCSHR.DST
[10/02/2007 14:39|-r-------|172941] - F:\FRANCSSH.DSC
[10/02/2007 14:39|-r-------|180026] - F:\FRANCSSH.DST
[10/02/2007 14:39|-r-------|590393] - F:\FRANCSSP.DSC
[10/02/2007 14:39|-r-------|520870] - F:\FRANCSSP.DST
[10/02/2007 14:39|-r-------|6304586] - F:\FRANCSTR.DSC
[10/02/2007 14:39|-r-------|8930201] - F:\FRANCSTR.DST
[10/02/2007 14:39|-r-------|660943] - F:\FRANCSTU.DSC
[10/02/2007 14:39|-r-------|540764] - F:\FRANCSTU.DST
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_DA.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_DE.POI
[10/03/2006 05:28|-r-------|226495668] - F:\FRANC_DET.DRS
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_ES.POI
[10/03/2006 05:56|-r-------|1105920] - F:\FRANC_EX.DPS
[10/03/2006 05:56|-r-------|20864572] - F:\FRANC_EX.DSS
[10/03/2006 05:57|-r-------|5838144] - F:\FRANC_EX.RID
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_FR.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_IT.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_NL.POI
[10/02/2007 14:38|-r-------|16683115] - F:\FRANC_NOMSERV.DAT
[08/03/2006 15:37|-r-------|575768] - F:\FRANC_NV.DAT
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_PO.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_SW.POI
[10/03/2006 05:59|-r-------|3600] - F:\FRANC_UK.POI
[10/02/2007 14:39|-r-------|414898] - F:\GRUPPO_2.DAT
[10/02/2007 14:39|-r-------|728847] - F:\GUIDA_CHAMPERARD.POI
[08/03/2006 16:40|-r-------|402467] - F:\SCITTANAME.DAT
[06/03/2006 15:17|-r-------|86] - F:\SIF.VER
[06/03/2006 15:17|-r-------|4] - F:\SW_VER.DAT
[16/04/2009 20:12|--a------|416190] - H:\DirLister_setup.exe
[27/12/2008 17:55|--a------|22148280] - H:\antivir_workstation_winu_fr_h.exe
[30/07/2008 10:45|--a------|9501920] - H:\vlc-0.8.6i-win32.exe
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# H:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V6.005 ! |
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
13 juil. 2009 à 18:17
13 juil. 2009 à 18:17
Télécharge OTL de OLDTimer
et enregistre le sur ton Bureau.
Double clic sur OTL.exe pour le lancer.
Coche les 2 cases Lop et Purity
Coche la case devant scan all users
Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
Clique sur Parcourir et cherche le fichier ci-dessus.
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Tu feras la meme chose avec le "Extra.txt" s'il t'est demandé
et enregistre le sur ton Bureau.
Double clic sur OTL.exe pour le lancer.
Coche les 2 cases Lop et Purity
Coche la case devant scan all users
Clic sur Run Scan.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
NE LE POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
Clique sur Parcourir et cherche le fichier ci-dessus.
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Tu feras la meme chose avec le "Extra.txt" s'il t'est demandé
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
15 juil. 2009 à 20:57
15 juil. 2009 à 20:57
ok voici le otl.txt
http://www.cijoint.fr/cjlink.php?file=cj200907/cijMfIrCQR.txt
Merci.
http://www.cijoint.fr/cjlink.php?file=cj200907/cijMfIrCQR.txt
Merci.
Utilisateur anonyme
15 juil. 2009 à 21:20
15 juil. 2009 à 21:20
Télécharge HostXpert sur ton Bureau :
---> Décompresse-le (Clic droit >> Extraire ici)
---> Double-clique sur HostsXpert pour le lancer
---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme
PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.
s'il est fermé , clique dessus :)
ensuite :
Double clic sur OTL.exe pour le lancer.
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans la zone sous Customs Scans/Fixes
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
:files
C:\WINDOWS\SlantAdj.dll
C:\found.002.*
C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
:commands
[emptytemp]
[start explorer]
[reboot]
Clique sur RunFix pour lancer la suppression.
Poste le rapport.
ensuite :
Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
- Coche Afficher les fichiers et dossiers cachés
- Décoche Masquer les extensions des fichiers dont le type est connu
- Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
C:\WINDOWS\Imgtask.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
---> Décompresse-le (Clic droit >> Extraire ici)
---> Double-clique sur HostsXpert pour le lancer
---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme
PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.
s'il est fermé , clique dessus :)
ensuite :
Double clic sur OTL.exe pour le lancer.
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans la zone sous Customs Scans/Fixes
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
:files
C:\WINDOWS\SlantAdj.dll
C:\found.002.*
C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
:commands
[emptytemp]
[start explorer]
[reboot]
Clique sur RunFix pour lancer la suppression.
Poste le rapport.
ensuite :
Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
- Coche Afficher les fichiers et dossiers cachés
- Décoche Masquer les extensions des fichiers dont le type est connu
- Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.
N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :
C:\WINDOWS\Imgtask.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
15 juil. 2009 à 21:57
15 juil. 2009 à 21:57
voici le log apres otl.
par contre j'ai analyse imgtask sur virut total mais je n'ai pas le menu formaté.
pourtan j'ai bien la fin de l'analyse0.
Merci.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\SlantAdj.dll not found.
File\Folder C:\found.002.* not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jeff
->Temp folder emptied: 587839 bytes
->Temporary Internet Files folder emptied: 629422 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Sabine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3954 bytes
Windows Temp folder emptied: 2531 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,20 mb
OTL by OldTimer - Version 3.0.7.1 log created on 07152009_214621
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
par contre j'ai analyse imgtask sur virut total mais je n'ai pas le menu formaté.
pourtan j'ai bien la fin de l'analyse0.
Merci.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\SlantAdj.dll not found.
File\Folder C:\found.002.* not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jeff
->Temp folder emptied: 587839 bytes
->Temporary Internet Files folder emptied: 629422 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Sabine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3954 bytes
Windows Temp folder emptied: 2531 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,20 mb
OTL by OldTimer - Version 3.0.7.1 log created on 07152009_214621
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
15 juil. 2009 à 22:02
15 juil. 2009 à 22:02
je refais le otl en sans echec?
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
15 juil. 2009 à 22:15
15 juil. 2009 à 22:15
En fait comme le PC a rebooté j'ai refait otl mais j'ai pas sauvé le log la 1er fois ca a donc peut etre marché.
je remet le lien du scan, mais je ne retrouve pas trace des fichiers.
http://www.cijoint.fr/cjlink.php?file=cj200907/cijOxWT2ko.txt
je remet le lien du scan, mais je ne retrouve pas trace des fichiers.
http://www.cijoint.fr/cjlink.php?file=cj200907/cijOxWT2ko.txt
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
15 juil. 2009 à 22:17
15 juil. 2009 à 22:17
ca y est j'ai trouvé formaté
voici le log
Fichier Imgtask.exe reçu le 2009.07.03 10:28:16 (UTC)Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.07.03 -
AhnLab-V3 5.0.0.2 2009.07.03 Win-Trojan/Agent.20480.UM
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.03 Agent.AXSO
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 Trojan.Agent.IRC
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6595 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 W32/AutoRun.ENN!worm
GData 19 2009.07.03 -
Ikarus T3.1.1.64.0 2009.07.03 -
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.782 2009.07.02 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.03 Heuristic.BehavesLike.Win32.Downloader.P
Microsoft 1.4803 2009.07.03 Worm:Win32/Autorun.EX
NOD32 4212 2009.07.03 -
Norman 6.01.09 2009.07.02 W32/Agent.LBXL
nProtect 2009.1.8.0 2009.07.03 Trojan/W32.Agent.20480.CS
Panda 10.0.0.14 2009.07.02 Generic Worm
PCTools 4.4.2.0 2009.07.02 -
Prevx 3.0 2009.07.03 -
Rising 21.36.42.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.02 Worm.Autorun.DNH
Information additionnelle
File size: 20480 bytes
MD5 : ec2be395ee7f66546499deccbbd912b5
SHA1 : 45d2c1c8ff2f32b8c6781f2ca96cafdea5fa467a
SHA256: f8773230a23dc09b4286f99caf95ee6934f9b33a6b0f5c3ba4d41285a0c660a2
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1B1C<BR>timedatestamp.....: 0x457F72F1 (Wed Dec 13 04:26:41 2006)<BR>machinetype.......: 0x14C (Intel I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xE1A 0x1000 5.26 8592d30377d3e3a0d9d7da580c204478<BR>.rdata 0x2000 0xB50 0x1000 3.76 ae79d83774d7137d778aa29a28a8092a<BR>.data 0x3000 0x1E0 0x1000 0.47 0577e6263420c4825029d9105034e944<BR>.rsrc 0x4000 0x460 0x1000 1.04 aee53392f080b61b6ff6d6943b859e8b<BR><BR>( 6 imports )<BR><BR>> advapi32.dll: RegCloseKey, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA<BR>> kernel32.dll: GetStartupInfoA, GetModuleHandleA, GetModuleFileNameA, GetLastError, CreateMutexA<BR>> mfc42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, _setmbcp, __CxxFrameHandler, __dllonexit, _onexit, __1type_info@@UAE@XZ, _except_handler3, __getmainargs, _acmdln, exit, _XcptFilter, _exit<BR>> shell32.dll: ShellExecuteA<BR>> user32.dll: SendMessageA, SetTimer, KillTimer, LoadIconA, EnableWindow<BR><BR>( 0 exports )<BR>
TrID : File type identification<BR>Win32 Dynamic Link Library (generic) (65.4%)<BR>Generic Win/DOS Executable (17.2%)<BR>DOS Executable Generic (17.2%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: <A href="https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5" target=_blank>https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5</A>
ssdeep: 192:5OKQxkPYIymui41LlFYulawtZFuli61oynLEyK/:z6iWZFYstPn61dEyK/
PEiD : Armadillo v1.71
CWSandbox: <A href="http://research.sunbelt-software.com/..." target=_blank>http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set<BR>-
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.07.03 -
AhnLab-V3 5.0.0.2 2009.07.03 Win-Trojan/Agent.20480.UM
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.03 Agent.AXSO
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 Trojan.Agent.IRC
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6595 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 W32/AutoRun.ENN!worm
GData 19 2009.07.03 -
Ikarus T3.1.1.64.0 2009.07.03 -
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.782 2009.07.02 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.03 Heuristic.BehavesLike.Win32.Downloader.P
Microsoft 1.4803 2009.07.03 Worm:Win32/Autorun.EX
NOD32 4212 2009.07.03 -
Norman 6.01.09 2009.07.02 W32/Agent.LBXL
nProtect 2009.1.8.0 2009.07.03 Trojan/W32.Agent.20480.CS
Panda 10.0.0.14 2009.07.02 Generic Worm
PCTools 4.4.2.0 2009.07.02 -
Prevx 3.0 2009.07.03 -
Rising 21.36.42.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.02 Worm.Autorun.DNH
Information additionnelle
File size: 20480 bytes
MD5 : ec2be395ee7f66546499deccbbd912b5
SHA1 : 45d2c1c8ff2f32b8c6781f2ca96cafdea5fa467a
SHA256: f8773230a23dc09b4286f99caf95ee6934f9b33a6b0f5c3ba4d41285a0c660a2
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1B1C<BR>timedatestamp.....: 0x457F72F1 (Wed Dec 13 04:26:41 2006)<BR>machinetype.......: 0x14C (Intel I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xE1A 0x1000 5.26 8592d30377d3e3a0d9d7da580c204478<BR>.rdata 0x2000 0xB50 0x1000 3.76 ae79d83774d7137d778aa29a28a8092a<BR>.data 0x3000 0x1E0 0x1000 0.47 0577e6263420c4825029d9105034e944<BR>.rsrc 0x4000 0x460 0x1000 1.04 aee53392f080b61b6ff6d6943b859e8b<BR><BR>( 6 imports )<BR><BR>> advapi32.dll: RegCloseKey, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA<BR>> kernel32.dll: GetStartupInfoA, GetModuleHandleA, GetModuleFileNameA, GetLastError, CreateMutexA<BR>> mfc42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, _setmbcp, __CxxFrameHandler, __dllonexit, _onexit, __1type_info@@UAE@XZ, _except_handler3, __getmainargs, _acmdln, exit, _XcptFilter, _exit<BR>> shell32.dll: ShellExecuteA<BR>> user32.dll: SendMessageA, SetTimer, KillTimer, LoadIconA, EnableWindow<BR><BR>( 0 exports )<BR>
TrID : File type identification<BR>Win32 Dynamic Link Library (generic) (65.4%)<BR>Generic Win/DOS Executable (17.2%)<BR>DOS Executable Generic (17.2%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: <A href="https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5" target=_blank>https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5</A>
ssdeep: 192:5OKQxkPYIymui41LlFYulawtZFuli61oynLEyK/:z6iWZFYstPn61dEyK/
PEiD : Armadillo v1.71
CWSandbox: <A href="http://research.sunbelt-software.com/..." target=_blank>http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set<BR>-
voici le log
Fichier Imgtask.exe reçu le 2009.07.03 10:28:16 (UTC)Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.07.03 -
AhnLab-V3 5.0.0.2 2009.07.03 Win-Trojan/Agent.20480.UM
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.03 Agent.AXSO
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 Trojan.Agent.IRC
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6595 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 W32/AutoRun.ENN!worm
GData 19 2009.07.03 -
Ikarus T3.1.1.64.0 2009.07.03 -
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.782 2009.07.02 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.03 Heuristic.BehavesLike.Win32.Downloader.P
Microsoft 1.4803 2009.07.03 Worm:Win32/Autorun.EX
NOD32 4212 2009.07.03 -
Norman 6.01.09 2009.07.02 W32/Agent.LBXL
nProtect 2009.1.8.0 2009.07.03 Trojan/W32.Agent.20480.CS
Panda 10.0.0.14 2009.07.02 Generic Worm
PCTools 4.4.2.0 2009.07.02 -
Prevx 3.0 2009.07.03 -
Rising 21.36.42.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.02 Worm.Autorun.DNH
Information additionnelle
File size: 20480 bytes
MD5 : ec2be395ee7f66546499deccbbd912b5
SHA1 : 45d2c1c8ff2f32b8c6781f2ca96cafdea5fa467a
SHA256: f8773230a23dc09b4286f99caf95ee6934f9b33a6b0f5c3ba4d41285a0c660a2
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1B1C<BR>timedatestamp.....: 0x457F72F1 (Wed Dec 13 04:26:41 2006)<BR>machinetype.......: 0x14C (Intel I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xE1A 0x1000 5.26 8592d30377d3e3a0d9d7da580c204478<BR>.rdata 0x2000 0xB50 0x1000 3.76 ae79d83774d7137d778aa29a28a8092a<BR>.data 0x3000 0x1E0 0x1000 0.47 0577e6263420c4825029d9105034e944<BR>.rsrc 0x4000 0x460 0x1000 1.04 aee53392f080b61b6ff6d6943b859e8b<BR><BR>( 6 imports )<BR><BR>> advapi32.dll: RegCloseKey, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA<BR>> kernel32.dll: GetStartupInfoA, GetModuleHandleA, GetModuleFileNameA, GetLastError, CreateMutexA<BR>> mfc42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, _setmbcp, __CxxFrameHandler, __dllonexit, _onexit, __1type_info@@UAE@XZ, _except_handler3, __getmainargs, _acmdln, exit, _XcptFilter, _exit<BR>> shell32.dll: ShellExecuteA<BR>> user32.dll: SendMessageA, SetTimer, KillTimer, LoadIconA, EnableWindow<BR><BR>( 0 exports )<BR>
TrID : File type identification<BR>Win32 Dynamic Link Library (generic) (65.4%)<BR>Generic Win/DOS Executable (17.2%)<BR>DOS Executable Generic (17.2%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: <A href="https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5" target=_blank>https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5</A>
ssdeep: 192:5OKQxkPYIymui41LlFYulawtZFuli61oynLEyK/:z6iWZFYstPn61dEyK/
PEiD : Armadillo v1.71
CWSandbox: <A href="http://research.sunbelt-software.com/..." target=_blank>http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set<BR>-
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.07.03 -
AhnLab-V3 5.0.0.2 2009.07.03 Win-Trojan/Agent.20480.UM
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.02 -
Avast 4.8.1335.0 2009.07.02 -
AVG 8.5.0.386 2009.07.03 Agent.AXSO
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 Trojan.Agent.IRC
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6595 2009.07.03 -
F-Prot 4.4.4.56 2009.07.02 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 W32/AutoRun.ENN!worm
GData 19 2009.07.03 -
Ikarus T3.1.1.64.0 2009.07.03 -
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.782 2009.07.02 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5664 2009.07.02 -
McAfee+Artemis 5664 2009.07.02 -
McAfee-GW-Edition 6.8.5 2009.07.03 Heuristic.BehavesLike.Win32.Downloader.P
Microsoft 1.4803 2009.07.03 Worm:Win32/Autorun.EX
NOD32 4212 2009.07.03 -
Norman 6.01.09 2009.07.02 W32/Agent.LBXL
nProtect 2009.1.8.0 2009.07.03 Trojan/W32.Agent.20480.CS
Panda 10.0.0.14 2009.07.02 Generic Worm
PCTools 4.4.2.0 2009.07.02 -
Prevx 3.0 2009.07.03 -
Rising 21.36.42.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.02 Worm.Autorun.DNH
Information additionnelle
File size: 20480 bytes
MD5 : ec2be395ee7f66546499deccbbd912b5
SHA1 : 45d2c1c8ff2f32b8c6781f2ca96cafdea5fa467a
SHA256: f8773230a23dc09b4286f99caf95ee6934f9b33a6b0f5c3ba4d41285a0c660a2
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1B1C<BR>timedatestamp.....: 0x457F72F1 (Wed Dec 13 04:26:41 2006)<BR>machinetype.......: 0x14C (Intel I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0xE1A 0x1000 5.26 8592d30377d3e3a0d9d7da580c204478<BR>.rdata 0x2000 0xB50 0x1000 3.76 ae79d83774d7137d778aa29a28a8092a<BR>.data 0x3000 0x1E0 0x1000 0.47 0577e6263420c4825029d9105034e944<BR>.rsrc 0x4000 0x460 0x1000 1.04 aee53392f080b61b6ff6d6943b859e8b<BR><BR>( 6 imports )<BR><BR>> advapi32.dll: RegCloseKey, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA<BR>> kernel32.dll: GetStartupInfoA, GetModuleHandleA, GetModuleFileNameA, GetLastError, CreateMutexA<BR>> mfc42.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> msvcrt.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, _setmbcp, __CxxFrameHandler, __dllonexit, _onexit, __1type_info@@UAE@XZ, _except_handler3, __getmainargs, _acmdln, exit, _XcptFilter, _exit<BR>> shell32.dll: ShellExecuteA<BR>> user32.dll: SendMessageA, SetTimer, KillTimer, LoadIconA, EnableWindow<BR><BR>( 0 exports )<BR>
TrID : File type identification<BR>Win32 Dynamic Link Library (generic) (65.4%)<BR>Generic Win/DOS Executable (17.2%)<BR>DOS Executable Generic (17.2%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: <A href="https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5" target=_blank>https://www.symantec.com?md5=ec2be395ee7f66546499deccbbd912b5</A>
ssdeep: 192:5OKQxkPYIymui41LlFYulawtZFuli61oynLEyK/:z6iWZFYstPn61dEyK/
PEiD : Armadillo v1.71
CWSandbox: <A href="http://research.sunbelt-software.com/..." target=_blank>http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set<BR>-
Utilisateur anonyme
15 juil. 2009 à 22:59
15 juil. 2009 à 22:59
supprime-la manuellement puis :
♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :
♦ Déconnecte toi et ferme toutes applications en cours !
♦ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
♦ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
♦ Au menu principal choisis l'option "L" et tape sur [entrée] .
♦ Laisse travailler l'outil et ne touche à rien ...
♦ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Aides en images (Installation)
Aides en images (Recherche)
♦ Télécharge Ad-remover ( de C_XX ) sur ton bureau :
♦ Déconnecte toi et ferme toutes applications en cours !
♦ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
♦ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
♦ Au menu principal choisis l'option "L" et tape sur [entrée] .
♦ Laisse travailler l'outil et ne touche à rien ...
♦ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
♦ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Aides en images (Installation)
Aides en images (Recherche)
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
15 juil. 2009 à 23:19
15 juil. 2009 à 23:19
excuse moi, je dois suprimer quoi manuellement ?
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
15 juil. 2009 à 23:59
15 juil. 2009 à 23:59
ok merci.
Pour l'effacer il m'a dabord fallu arreter le processus dans le gestionaire des taches.
Voici le log de Ad-R.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 23:40:32, 15/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: JF-7A2AFBB7F80F | Utilisateur actuel: Jeff
.
Administrateur: Administrateur
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Jeff
Administrateur: Sabine
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
.
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 7.0.5730.13 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
1857 Octet(s) - C:\Ad-Report-CLEAN.log
756 Octet(s) - C:\Ad-Report-SCAN.log
.
0 Fichier(s) - C:\DOCUME~1\Jeff\LOCALS~1\Temp
3 Fichier(s) - C:\WINDOWS\Temp
.
16 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 23:52:40 | 15/07/2009
.
============== E.O.F ==============
.
Pour l'effacer il m'a dabord fallu arreter le processus dans le gestionaire des taches.
Voici le log de Ad-R.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 23:40:32, 15/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: JF-7A2AFBB7F80F | Utilisateur actuel: Jeff
.
Administrateur: Administrateur
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Jeff
Administrateur: Sabine
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
.
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 7.0.5730.13 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
1857 Octet(s) - C:\Ad-Report-CLEAN.log
756 Octet(s) - C:\Ad-Report-SCAN.log
.
0 Fichier(s) - C:\DOCUME~1\Jeff\LOCALS~1\Temp
3 Fichier(s) - C:\WINDOWS\Temp
.
16 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 23:52:40 | 15/07/2009
.
============== E.O.F ==============
.
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
16 juil. 2009 à 00:29
16 juil. 2009 à 00:29
bien sur voila qui est fait.
http://www.cijoint.fr/cjlink.php?file=cj200907/ciji7r4AWS.txt
http://www.cijoint.fr/cjlink.php?file=cj200907/ciji7r4AWS.txt
Utilisateur anonyme
16 juil. 2009 à 01:05
16 juil. 2009 à 01:05
Double clic sur OTL.exe pour le lancer.
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans la zone sous Customs Scans/Fixes
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
:OTL
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\ipp - No CLSID value found
O4 - HKLM..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe File not found
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Alcmtr"=-
:files
C:\Documents and Settings\Sabine\Application Data\Search Settings
C:\Documents and Settings\Sabine\Application Data\pdfforge
C:\WINDOWS\System32\TWAIN32d.dll
C:\found.*
:commands
[emptytemp]
[start explorer]
[reboot]
Clique sur RunFix pour lancer la suppression.
Poste le rapport.
==========
Copie la liste qui se trouve en gras ci-dessous,
et colle-la dans la zone sous Customs Scans/Fixes
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
:OTL
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\ipp - No CLSID value found
O4 - HKLM..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe File not found
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Alcmtr"=-
:files
C:\Documents and Settings\Sabine\Application Data\Search Settings
C:\Documents and Settings\Sabine\Application Data\pdfforge
C:\WINDOWS\System32\TWAIN32d.dll
C:\found.*
:commands
[emptytemp]
[start explorer]
[reboot]
Clique sur RunFix pour lancer la suppression.
Poste le rapport.
==========
hobywan
Messages postés
44
Date d'inscription
samedi 24 mai 2008
Statut
Membre
Dernière intervention
18 février 2016
1
16 juil. 2009 à 01:15
16 juil. 2009 à 01:15
voili voilou....
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ImgTask deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
========== FILES ==========
C:\Documents and Settings\Sabine\Application Data\Search Settings\kb128\temp moved successfully.
C:\Documents and Settings\Sabine\Application Data\Search Settings\kb128 moved successfully.
C:\Documents and Settings\Sabine\Application Data\Search Settings moved successfully.
C:\Documents and Settings\Sabine\Application Data\pdfforge\temp moved successfully.
C:\Documents and Settings\Sabine\Application Data\pdfforge\res moved successfully.
C:\Documents and Settings\Sabine\Application Data\pdfforge moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\TWAIN32d.dll
C:\WINDOWS\System32\TWAIN32d.dll NOT unregistered.
C:\WINDOWS\System32\TWAIN32d.dll moved successfully.
C:\found.000 moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\QEE7U4IS moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\PN6PT60D moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\FLFT2TBD moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\FIL94N6T moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\5HZK4EJV moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5 moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files moved successfully.
C:\found.001\dir0000.chk\Temp moved successfully.
C:\found.001\dir0000.chk\Historique\History.IE5 moved successfully.
C:\found.001\dir0000.chk\Historique moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft\Windows moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft\Credentials\S-1-5-20 moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft\Credentials moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft moved successfully.
C:\found.001\dir0000.chk\Application Data\Matrox moved successfully.
C:\found.001\dir0000.chk\Application Data\Google\Update\Manifest\Initial moved successfully.
C:\found.001\dir0000.chk\Application Data\Google\Update\Manifest moved successfully.
C:\found.001\dir0000.chk\Application Data\Google\Update moved successfully.
C:\found.001\dir0000.chk\Application Data\Google moved successfully.
C:\found.001\dir0000.chk\Application Data\Apple\Apple Software Update moved successfully.
C:\found.001\dir0000.chk\Application Data\Apple moved successfully.
C:\found.001\dir0000.chk\Application Data moved successfully.
C:\found.001\dir0000.chk moved successfully.
C:\found.001 moved successfully.
Folder move failed. C:\found.003\dir0000.chk scheduled to be moved on reboot.
C:\found.003 moved successfully.
C:\found.004\dir0002.chk\update moved successfully.
C:\found.004\dir0002.chk moved successfully.
C:\found.004\dir0001.chk\KB970238\update moved successfully.
C:\found.004\dir0001.chk\KB970238\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB970238 moved successfully.
C:\found.004\dir0001.chk\KB969898\update moved successfully.
C:\found.004\dir0001.chk\KB969898 moved successfully.
C:\found.004\dir0001.chk\KB969897-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB969897-IE7\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB969897-IE7 moved successfully.
C:\found.004\dir0001.chk\KB968537\update moved successfully.
C:\found.004\dir0001.chk\KB968537\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB968537 moved successfully.
C:\found.004\dir0001.chk\KB967715\update moved successfully.
C:\found.004\dir0001.chk\KB967715\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB967715 moved successfully.
C:\found.004\dir0001.chk\KB963027-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB963027-IE7\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB963027-IE7 moved successfully.
C:\found.004\dir0001.chk\KB961501\update moved successfully.
C:\found.004\dir0001.chk\KB961501\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB961501 moved successfully.
C:\found.004\dir0001.chk\KB961373\update moved successfully.
C:\found.004\dir0001.chk\KB961373\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB961373 moved successfully.
C:\found.004\dir0001.chk\KB961260-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB961260-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB961260-IE7 moved successfully.
C:\found.004\dir0001.chk\KB960803\update moved successfully.
C:\found.004\dir0001.chk\KB960803\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB960803 moved successfully.
C:\found.004\dir0001.chk\KB960715\update moved successfully.
C:\found.004\dir0001.chk\KB960715 moved successfully.
C:\found.004\dir0001.chk\KB960714-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB960714-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB960714-IE7 moved successfully.
C:\found.004\dir0001.chk\KB960225\update moved successfully.
C:\found.004\dir0001.chk\KB960225\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB960225 moved successfully.
C:\found.004\dir0001.chk\KB959426\update moved successfully.
C:\found.004\dir0001.chk\KB959426\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB959426 moved successfully.
C:\found.004\dir0001.chk\KB958690\update moved successfully.
C:\found.004\dir0001.chk\KB958690\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB958690 moved successfully.
C:\found.004\dir0001.chk\KB958687\update moved successfully.
C:\found.004\dir0001.chk\KB958687\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB958687 moved successfully.
C:\found.004\dir0001.chk\KB958644\update moved successfully.
C:\found.004\dir0001.chk\KB958644\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB958644 moved successfully.
C:\found.004\dir0001.chk\KB958215-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB958215-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB958215-IE7 moved successfully.
C:\found.004\dir0001.chk\KB957097\update moved successfully.
C:\found.004\dir0001.chk\KB957097\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB957097 moved successfully.
C:\found.004\dir0001.chk\KB957095\update moved successfully.
C:\found.004\dir0001.chk\KB957095\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB957095 moved successfully.
C:\found.004\dir0001.chk\KB956841\update moved successfully.
C:\found.004\dir0001.chk\KB956841\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956841 moved successfully.
C:\found.004\dir0001.chk\KB956803\update moved successfully.
C:\found.004\dir0001.chk\KB956803\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956803 moved successfully.
C:\found.004\dir0001.chk\KB956802\update moved successfully.
C:\found.004\dir0001.chk\KB956802\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956802 moved successfully.
C:\found.004\dir0001.chk\KB956572\update moved successfully.
C:\found.004\dir0001.chk\KB956572\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956572 moved successfully.
C:\found.004\dir0001.chk\KB956391\update moved successfully.
C:\found.004\dir0001.chk\KB956391 moved successfully.
C:\found.004\dir0001.chk\KB956390-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB956390-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB956390-IE7 moved successfully.
C:\found.004\dir0001.chk\KB956390\update moved successfully.
C:\found.004\dir0001.chk\KB956390\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956390 moved successfully.
C:\found.004\dir0001.chk\KB955839\update moved successfully.
C:\found.004\dir0001.chk\KB955839\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB955839 moved successfully.
C:\found.004\dir0001.chk\KB955069\update moved successfully.
C:\found.004\dir0001.chk\KB955069\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB955069 moved successfully.
C:\found.004\dir0001.chk\KB954600\update moved successfully.
C:\found.004\dir0001.chk\KB954600\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB954600 moved successfully.
C:\found.004\dir0001.chk\KB954459\update moved successfully.
C:\found.004\dir0001.chk\KB954459\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB954459 moved successfully.
C:\found.004\dir0001.chk\KB954211\update moved successfully.
C:\found.004\dir0001.chk\KB954211\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB954211 moved successfully.
C:\found.004\dir0001.chk\KB952954\update moved successfully.
C:\found.004\dir0001.chk\KB952954\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB952954 moved successfully.
C:\found.004\dir0001.chk\KB952287\update moved successfully.
C:\found.004\dir0001.chk\KB952287\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB952287 moved successfully.
C:\found.004\dir0001.chk\KB952004\update moved successfully.
C:\found.004\dir0001.chk\KB952004\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB952004 moved successfully.
C:\found.004\dir0001.chk\KB951978\update moved successfully.
C:\found.004\dir0001.chk\KB951978\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951978 moved successfully.
C:\found.004\dir0001.chk\KB951748\update moved successfully.
C:\found.004\dir0001.chk\KB951748\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951748 moved successfully.
C:\found.004\dir0001.chk\KB951698\update moved successfully.
C:\found.004\dir0001.chk\KB951698\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951698 moved successfully.
C:\found.004\dir0001.chk\KB951376-v2\update moved successfully.
C:\found.004\dir0001.chk\KB951376-v2\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951376-v2 moved successfully.
C:\found.004\dir0001.chk\KB951072-v2\update moved successfully.
C:\found.004\dir0001.chk\KB951072-v2\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951072-v2 moved successfully.
C:\found.004\dir0001.chk\KB951066\update moved successfully.
C:\found.004\dir0001.chk\KB951066\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951066 moved successfully.
C:\found.004\dir0001.chk\KB950974\update moved successfully.
C:\found.004\dir0001.chk\KB950974\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB950974 moved successfully.
C:\found.004\dir0001.chk\KB950762\update moved successfully.
C:\found.004\dir0001.chk\KB950762\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB950762 moved successfully.
C:\found.004\dir0001.chk\KB946648\update moved successfully.
C:\found.004\dir0001.chk\KB946648\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB946648 moved successfully.
C:\found.004\dir0001.chk\KB944338-v2 moved successfully.
C:\found.004\dir0001.chk\KB938127-v2-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB938127-v2-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB938127-v2-IE7 moved successfully.
C:\found.004\dir0001.chk\KB923561\update moved successfully.
C:\found.004\dir0001.chk\KB923561\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB923561 moved successfully.
C:\found.004\dir0001.chk\KB915865 moved successfully.
C:\found.004\dir0001.chk moved successfully.
Folder move failed. C:\found.004\dir0000.chk scheduled to be moved on reboot.
C:\found.004 moved successfully.
C:\found.005 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jeff
->Temp folder emptied: 587436 bytes
->Temporary Internet Files folder emptied: 12319338 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Sabine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3954 bytes
Windows Temp folder emptied: 18915 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12,36 mb
OTL by OldTimer - Version 3.0.7.1 log created on 07162009_010753
Files\Folders moved on Reboot...
File\Folder C:\found.003\dir0000.chk not found!
File\Folder C:\found.004\dir0000.chk not found!
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ImgTask deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
========== FILES ==========
C:\Documents and Settings\Sabine\Application Data\Search Settings\kb128\temp moved successfully.
C:\Documents and Settings\Sabine\Application Data\Search Settings\kb128 moved successfully.
C:\Documents and Settings\Sabine\Application Data\Search Settings moved successfully.
C:\Documents and Settings\Sabine\Application Data\pdfforge\temp moved successfully.
C:\Documents and Settings\Sabine\Application Data\pdfforge\res moved successfully.
C:\Documents and Settings\Sabine\Application Data\pdfforge moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\TWAIN32d.dll
C:\WINDOWS\System32\TWAIN32d.dll NOT unregistered.
C:\WINDOWS\System32\TWAIN32d.dll moved successfully.
C:\found.000 moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\QEE7U4IS moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\PN6PT60D moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\FLFT2TBD moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\FIL94N6T moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5\5HZK4EJV moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files\Content.IE5 moved successfully.
C:\found.001\dir0000.chk\Temporary Internet Files moved successfully.
C:\found.001\dir0000.chk\Temp moved successfully.
C:\found.001\dir0000.chk\Historique\History.IE5 moved successfully.
C:\found.001\dir0000.chk\Historique moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft\Windows moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft\Credentials\S-1-5-20 moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft\Credentials moved successfully.
C:\found.001\dir0000.chk\Application Data\Microsoft moved successfully.
C:\found.001\dir0000.chk\Application Data\Matrox moved successfully.
C:\found.001\dir0000.chk\Application Data\Google\Update\Manifest\Initial moved successfully.
C:\found.001\dir0000.chk\Application Data\Google\Update\Manifest moved successfully.
C:\found.001\dir0000.chk\Application Data\Google\Update moved successfully.
C:\found.001\dir0000.chk\Application Data\Google moved successfully.
C:\found.001\dir0000.chk\Application Data\Apple\Apple Software Update moved successfully.
C:\found.001\dir0000.chk\Application Data\Apple moved successfully.
C:\found.001\dir0000.chk\Application Data moved successfully.
C:\found.001\dir0000.chk moved successfully.
C:\found.001 moved successfully.
Folder move failed. C:\found.003\dir0000.chk scheduled to be moved on reboot.
C:\found.003 moved successfully.
C:\found.004\dir0002.chk\update moved successfully.
C:\found.004\dir0002.chk moved successfully.
C:\found.004\dir0001.chk\KB970238\update moved successfully.
C:\found.004\dir0001.chk\KB970238\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB970238 moved successfully.
C:\found.004\dir0001.chk\KB969898\update moved successfully.
C:\found.004\dir0001.chk\KB969898 moved successfully.
C:\found.004\dir0001.chk\KB969897-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB969897-IE7\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB969897-IE7 moved successfully.
C:\found.004\dir0001.chk\KB968537\update moved successfully.
C:\found.004\dir0001.chk\KB968537\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB968537 moved successfully.
C:\found.004\dir0001.chk\KB967715\update moved successfully.
C:\found.004\dir0001.chk\KB967715\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB967715 moved successfully.
C:\found.004\dir0001.chk\KB963027-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB963027-IE7\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB963027-IE7 moved successfully.
C:\found.004\dir0001.chk\KB961501\update moved successfully.
C:\found.004\dir0001.chk\KB961501\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB961501 moved successfully.
C:\found.004\dir0001.chk\KB961373\update moved successfully.
C:\found.004\dir0001.chk\KB961373\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB961373 moved successfully.
C:\found.004\dir0001.chk\KB961260-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB961260-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB961260-IE7 moved successfully.
C:\found.004\dir0001.chk\KB960803\update moved successfully.
C:\found.004\dir0001.chk\KB960803\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB960803 moved successfully.
C:\found.004\dir0001.chk\KB960715\update moved successfully.
C:\found.004\dir0001.chk\KB960715 moved successfully.
C:\found.004\dir0001.chk\KB960714-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB960714-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB960714-IE7 moved successfully.
C:\found.004\dir0001.chk\KB960225\update moved successfully.
C:\found.004\dir0001.chk\KB960225\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB960225 moved successfully.
C:\found.004\dir0001.chk\KB959426\update moved successfully.
C:\found.004\dir0001.chk\KB959426\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB959426 moved successfully.
C:\found.004\dir0001.chk\KB958690\update moved successfully.
C:\found.004\dir0001.chk\KB958690\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB958690 moved successfully.
C:\found.004\dir0001.chk\KB958687\update moved successfully.
C:\found.004\dir0001.chk\KB958687\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB958687 moved successfully.
C:\found.004\dir0001.chk\KB958644\update moved successfully.
C:\found.004\dir0001.chk\KB958644\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB958644 moved successfully.
C:\found.004\dir0001.chk\KB958215-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB958215-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB958215-IE7 moved successfully.
C:\found.004\dir0001.chk\KB957097\update moved successfully.
C:\found.004\dir0001.chk\KB957097\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB957097 moved successfully.
C:\found.004\dir0001.chk\KB957095\update moved successfully.
C:\found.004\dir0001.chk\KB957095\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB957095 moved successfully.
C:\found.004\dir0001.chk\KB956841\update moved successfully.
C:\found.004\dir0001.chk\KB956841\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956841 moved successfully.
C:\found.004\dir0001.chk\KB956803\update moved successfully.
C:\found.004\dir0001.chk\KB956803\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956803 moved successfully.
C:\found.004\dir0001.chk\KB956802\update moved successfully.
C:\found.004\dir0001.chk\KB956802\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956802 moved successfully.
C:\found.004\dir0001.chk\KB956572\update moved successfully.
C:\found.004\dir0001.chk\KB956572\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956572 moved successfully.
C:\found.004\dir0001.chk\KB956391\update moved successfully.
C:\found.004\dir0001.chk\KB956391 moved successfully.
C:\found.004\dir0001.chk\KB956390-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB956390-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB956390-IE7 moved successfully.
C:\found.004\dir0001.chk\KB956390\update moved successfully.
C:\found.004\dir0001.chk\KB956390\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB956390 moved successfully.
C:\found.004\dir0001.chk\KB955839\update moved successfully.
C:\found.004\dir0001.chk\KB955839\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB955839 moved successfully.
C:\found.004\dir0001.chk\KB955069\update moved successfully.
C:\found.004\dir0001.chk\KB955069\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB955069 moved successfully.
C:\found.004\dir0001.chk\KB954600\update moved successfully.
C:\found.004\dir0001.chk\KB954600\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB954600 moved successfully.
C:\found.004\dir0001.chk\KB954459\update moved successfully.
C:\found.004\dir0001.chk\KB954459\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB954459 moved successfully.
C:\found.004\dir0001.chk\KB954211\update moved successfully.
C:\found.004\dir0001.chk\KB954211\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB954211 moved successfully.
C:\found.004\dir0001.chk\KB952954\update moved successfully.
C:\found.004\dir0001.chk\KB952954\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB952954 moved successfully.
C:\found.004\dir0001.chk\KB952287\update moved successfully.
C:\found.004\dir0001.chk\KB952287\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB952287 moved successfully.
C:\found.004\dir0001.chk\KB952004\update moved successfully.
C:\found.004\dir0001.chk\KB952004\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB952004 moved successfully.
C:\found.004\dir0001.chk\KB951978\update moved successfully.
C:\found.004\dir0001.chk\KB951978\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951978 moved successfully.
C:\found.004\dir0001.chk\KB951748\update moved successfully.
C:\found.004\dir0001.chk\KB951748\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951748 moved successfully.
C:\found.004\dir0001.chk\KB951698\update moved successfully.
C:\found.004\dir0001.chk\KB951698\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951698 moved successfully.
C:\found.004\dir0001.chk\KB951376-v2\update moved successfully.
C:\found.004\dir0001.chk\KB951376-v2\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951376-v2 moved successfully.
C:\found.004\dir0001.chk\KB951072-v2\update moved successfully.
C:\found.004\dir0001.chk\KB951072-v2\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951072-v2 moved successfully.
C:\found.004\dir0001.chk\KB951066\update moved successfully.
C:\found.004\dir0001.chk\KB951066\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB951066 moved successfully.
C:\found.004\dir0001.chk\KB950974\update moved successfully.
C:\found.004\dir0001.chk\KB950974\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB950974 moved successfully.
C:\found.004\dir0001.chk\KB950762\update moved successfully.
C:\found.004\dir0001.chk\KB950762\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB950762 moved successfully.
C:\found.004\dir0001.chk\KB946648\update moved successfully.
C:\found.004\dir0001.chk\KB946648\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB946648 moved successfully.
C:\found.004\dir0001.chk\KB944338-v2 moved successfully.
C:\found.004\dir0001.chk\KB938127-v2-IE7\update moved successfully.
C:\found.004\dir0001.chk\KB938127-v2-IE7\SP2QFE moved successfully.
C:\found.004\dir0001.chk\KB938127-v2-IE7 moved successfully.
C:\found.004\dir0001.chk\KB923561\update moved successfully.
C:\found.004\dir0001.chk\KB923561\SP3QFE moved successfully.
C:\found.004\dir0001.chk\KB923561 moved successfully.
C:\found.004\dir0001.chk\KB915865 moved successfully.
C:\found.004\dir0001.chk moved successfully.
Folder move failed. C:\found.004\dir0000.chk scheduled to be moved on reboot.
C:\found.004 moved successfully.
C:\found.005 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jeff
->Temp folder emptied: 587436 bytes
->Temporary Internet Files folder emptied: 12319338 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Sabine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3954 bytes
Windows Temp folder emptied: 18915 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12,36 mb
OTL by OldTimer - Version 3.0.7.1 log created on 07162009_010753
Files\Folders moved on Reboot...
File\Folder C:\found.003\dir0000.chk not found!
File\Folder C:\found.004\dir0000.chk not found!
Registry entries deleted on Reboot...