Windows XP turning into 95
Solved
Deepvertigo
Posts: 105
Status: Member
Hello, so as stated in the title, I have a problem with my Windows XP pack 2, which switches to the Windows 95 display some time after startup, with loss of connection and sound. At first I thought it was a problem with the "Generic Host Process for Win 32 services", so I downloaded all the updates and disabled this process (as indicated on a site); the problem still persists.
Then I found this (Wuauclt.exe) in the Windows Task Manager, and when I try to end the process it starts running again.
So now my question is: does the problem come from (Wuauclt.exe) or from (svchost.exe),
or is it something else entirely, and also how do I get rid of it?
Thanks for your help.
50 replies
Hello,
Duplicate:
http://www.infos-du-net.com/forum/288419-11-windows-transforme
Deepvertigo
Posts: 105
Status: Member
yes I know, but it's not really working
I took it first ^^
did you get further with it than me? I haven't read your whole topic
deepvertigo, next time let us know when you post on several forums, whether here or over there
Destrio, I'll let you finish on IDN
see you
and here it is for the last one
Fichier sowdp88.dat reçu le 2009.07.31 15:43:40 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.31 -
AhnLab-V3 5.0.0.2 2009.07.31 -
AntiVir 7.9.0.236 2009.07.31 -
Antiy-AVL 2.0.3.7 2009.07.31 -
Authentium 5.1.2.4 2009.07.31 -
Avast 4.8.1335.0 2009.07.30 -
AVG 8.5.0.406 2009.07.31 -
BitDefender 7.2 2009.07.31 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.07.31 -
Comodo 1824 2009.07.31 -
DrWeb 5.0.0.12182 2009.07.31 -
eSafe 7.0.17.0 2009.07.30 -
eTrust-Vet 31.6.6649 2009.07.31 -
F-Prot 4.4.4.56 2009.07.30 -
F-Secure 8.0.14470.0 2009.07.31 -
Fortinet 3.120.0.0 2009.07.31 -
GData 19 2009.07.31 -
Ikarus T3.1.1.64.0 2009.07.31 -
Jiangmin 11.0.800 2009.07.31 -
K7AntiVirus 7.10.807 2009.07.31 -
Kaspersky 7.0.0.125 2009.07.31 -
McAfee 5693 2009.07.30 -
McAfee+Artemis 5693 2009.07.30 -
McAfee-GW-Edition 6.8.5 2009.07.31 -
Microsoft 1.4903 2009.07.31 -
NOD32 4294 2009.07.31 -
Norman 6.01.09 2009.07.31 -
nProtect 2009.1.8.0 2009.07.31 -
Panda 10.0.0.14 2009.07.31 -
PCTools 4.4.2.0 2009.07.31 -
Prevx 3.0 2009.07.31 -
Rising 21.40.44.00 2009.07.31 -
Sophos 4.44.0 2009.07.31 -
Sunbelt 3.2.1858.2 2009.07.31 -
Symantec 1.4.4.12 2009.07.31 -
TheHacker 6.3.4.3.374 2009.07.30 -
TrendMicro 8.950.0.1094 2009.07.31 -
VBA32 3.12.10.9 2009.07.31 -
ViRobot 2009.7.31.1863 2009.07.31 -
VirusBuster 4.6.5.0 2009.07.31 -
Information additionnelle
File size: 1024 bytes
MD5...: 5063920bcc01d88199f819332345b698
SHA1..: 4b43c7695f1a762179a77cc2a8d49c55216e0629
SHA256: 6b24286ba168e49db9f33920b02444e51ff87f374b3223aea645d473004a01e2
ssdeep: 6:nFcZS88EjkslwMFgc3w745+UQ3MVRBVa8gf8jTQjq8AvcgcdCDAwkFKL0hngv3
sr:nFoSzEjvTwlc8
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
"Ah but no, that's not cool what you're doing there"
--> Do you think what you did to us there is cool?
listen, I'm really sorry
but I really need to fix this problem
it's not my computer, I have nothing against you guys
I just want the solution
here is the report, and I wanted to say that I am really, really sorry for what happened
ComboFix 09-07-29.04 - mai 31/07/2009 16:52.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.213.1036.18.1023.533 [GMT 1:00]
Running from: c:\documents and settings\mai.DECOMAI-42D9BB0\Mes documents\Downloads\Programs\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1343024091-1580436667-682003330-1003
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-31 14:34 . 2009-07-31 14:34 -------- d-----w- C:\VundoFix Backups
2009-07-31 13:52 . 2009-07-31 13:52 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\Malwarebytes
2009-07-31 13:52 . 2009-07-31 13:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-31 13:13 . 2009-07-31 14:13 -------- d-----w- c:\program files\Ad-remover
2009-07-31 10:26 . 2009-07-31 10:26 -------- d-----w- c:\program files\trend micro
2009-07-31 10:26 . 2009-07-31 10:42 -------- d-----w- C:\rsit
2009-07-29 12:53 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-29 12:53 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-29 12:03 . 2009-07-29 12:03 0 ----a-w- c:\windows\nsreg.dat
2009-07-29 12:03 . 2009-07-29 12:03 -------- d-----w- c:\documents and settings\hiche\Local Settings\Application Data\Mozilla
2009-07-29 12:02 . 2009-07-29 12:02 -------- d-----w- c:\documents and settings\hiche\Application Data\Search Settings
2009-07-29 11:57 . 2009-07-29 11:57 -------- d-----w- c:\documents and settings\Invité
2009-07-22 19:07 . 2009-07-22 19:10 -------- d-----w- C:\DOSSIER WINDOWS
2009-07-22 10:53 . 2009-07-27 17:31 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\Audacity
2009-07-22 10:53 . 2009-07-22 10:53 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-21 21:35 . 2009-07-21 21:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-21 21:35 . 2009-07-21 21:35 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-21 21:31 . 2009-07-21 21:32 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-21 21:31 . 2009-07-21 21:31 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\SystemRequirementsLab
2009-07-21 21:31 . 2009-07-21 21:31 207872 ----a-w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-21 21:31 . 2009-07-21 21:31 207872 ----a-w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-21 21:31 . 2009-07-21 21:31 207872 ----a-w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-21 21:31 . 2009-07-21 21:31 207872 ----a-w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-07-12 17:13 . 2009-07-19 21:22 53452 ----a-w- c:\windows\desctemp.dat
2009-07-11 15:43 . 2009-07-27 21:55 -------- d-----w- c:\program files\Neuro-Programmer 2 Professional
2009-07-09 23:26 . 2009-07-09 23:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ashampoo
2009-07-09 23:26 . 2009-07-09 23:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\page
2009-07-09 23:15 . 2009-07-09 23:15 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\URSoft
2009-07-09 22:06 . 2009-07-09 22:06 23 --sha-w- c:\windows\system32\edacded0.dat
2009-07-09 15:05 . 1995-10-07 10:33 773120 ------w- c:\windows\system32\ir41_32.dll
2009-07-09 15:04 . 2009-07-09 15:04 -------- d-----w- c:\program files\Microsoft Games
2009-07-09 13:41 . 2009-07-09 14:12 -------- d-----w- c:\program files\Teleport Pro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 15:58 . 2008-08-23 13:07 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\DMCache
2009-07-31 15:58 . 2008-11-29 16:50 -------- d-----w- c:\program files\DNA
2009-07-31 15:58 . 2008-11-29 16:50 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\DNA
2009-07-31 14:25 . 2008-10-21 15:05 169936 ----a-w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\Mozilla\Firefox\Profiles\hruxt8ww.default\FlashGot.exe
2009-07-31 13:06 . 2008-09-18 21:18 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-30 09:25 . 2002-09-07 00:00 76112 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-30 09:25 . 2002-09-07 00:00 470758 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-29 19:54 . 2008-08-16 13:07 -------- d-----w- c:\program files\eMule
2009-07-23 22:37 . 2008-11-29 16:51 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\BitTorrent
2009-07-20 16:48 . 2009-02-28 20:38 -------- d-----w- c:\program files\Free FLV Converter
2009-07-17 12:09 . 2008-06-21 13:04 -------- d-----w- c:\program files\Google
2009-07-09 23:27 . 2008-08-06 12:35 101840 ----a-w- c:\documents and settings\mai.DECOMAI-42D9BB0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 13:22 . 2008-11-27 17:30 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\Shareaza
2009-07-06 12:14 . 2009-06-08 20:53 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\GetRightToGo
2009-07-01 10:41 . 2009-07-01 10:41 -------- d-----w- c:\program files\Subliminal Blaster 2.0
2009-06-27 14:37 . 2008-11-29 17:04 -------- d-----w- c:\program files\uTorrent
2009-06-26 20:35 . 2009-06-26 17:01 -------- d-----w- c:\program files\Game Accelerator
2009-06-24 23:00 . 2009-06-24 22:57 1024 ----a-w- c:\windows\system32\sowdp88.dat
2009-06-24 13:44 . 2008-11-29 17:04 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\uTorrent
2009-06-24 12:14 . 2008-09-26 23:32 -------- d-----w- c:\program files\Windows Live
2009-06-24 12:13 . 2009-06-24 12:13 -------- d-----w- c:\program files\Microsoft
2009-06-24 12:12 . 2009-06-24 12:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-15 22:52 . 2009-04-05 21:25 -------- d-----w- c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\IDM
2009-06-10 11:30 . 2009-06-10 11:30 154 ----a-w- C:\Delapp.bat
2009-06-08 11:15 . 2008-08-17 17:10 -------- d-----w- c:\program files\CA VMN Anti-Spyware
2009-03-08 16:54 . 2009-03-08 16:57 10024504 ----a-w- c:\program files\picasa3-setup.exe
2009-07-23 10:07 . 2008-10-23 17:05 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-29 342336]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-27 932272]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-07 949376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-02 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uyyuguy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\windows\TEMP\E_SC3.tmp" /EF "HKCU"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ulead AutoDetector v2"=c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [07/08/2008 20:25 15424]
S2 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [08/09/2008 22:22 126208]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\imon.dll
TCP: {8F8C659C-15DC-44FB-BB28-65AE33DADE47} = 4.2.2.3 4.2.2.4
FF - ProfilePath - c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\Mozilla\Firefox\Profiles\hruxt8ww.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 16:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{50d67670-9221-4367-8142-2d24108dc23a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d3
"Therad"=dword:0000000a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c5,6b,b7,80,b3,c9,ab,6a,c1,fe,4e,08,5a,f7,88,29,2d,50,63,1f,c6,
ac,8e,3c,83,90,39,2a,14,7b,70,1b,2e,81,4c,9a,1b,50,ef,cc,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75e51129-f80d-4bbc-b3e8-4251630c3a2d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000120
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cb,82,db,9f,07,6b,27,6a,f1,71,f2,bc,43,f8,18,52,1c,91,8d,97,52,
ee,26,d0,42,a7,03,2b,86,2e,cb,a5,84,91,13,0e,fc,89,1c,97,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d83064bb-3529-4539-8aba-17bfbb2f9fd0}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006c
"Therad"=dword:0000000f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-31 17:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 16:03
Pre-Run: 4 464 467 968 octets libres
Post-Run: 4 384 174 080 octets libres
218
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [07/08/2008 20:25 15424]
S2 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [08/09/2008 22:22 126208]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\imon.dll
TCP: {8F8C659C-15DC-44FB-BB28-65AE33DADE47} = 4.2.2.3 4.2.2.4
FF - ProfilePath - c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\Mozilla\Firefox\Profiles\hruxt8ww.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\documents and settings\mai.DECOMAI-42D9BB0\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 16:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{50d67670-9221-4367-8142-2d24108dc23a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d3
"Therad"=dword:0000000a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c5,6b,b7,80,b3,c9,ab,6a,c1,fe,4e,08,5a,f7,88,29,2d,50,63,1f,c6,
ac,8e,3c,83,90,39,2a,14,7b,70,1b,2e,81,4c,9a,1b,50,ef,cc,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75e51129-f80d-4bbc-b3e8-4251630c3a2d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000120
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cb,82,db,9f,07,6b,27,6a,f1,71,f2,bc,43,f8,18,52,1c,91,8d,97,52,
ee,26,d0,42,a7,03,2b,86,2e,cb,a5,84,91,13,0e,fc,89,1c,97,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d83064bb-3529-4539-8aba-17bfbb2f9fd0}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006c
"Therad"=dword:0000000f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-31 17:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 16:03
Pre-Run: 4 464 467 968 octets libres
Post-Run: 4 384 174 080 octets libres
218
Yes, it's much better.
The problem hasn't occurred yet (but then again, it usually takes about 1 hour before it happens).
Ah yes, luckily you're here, gen-hackman,
I had completely forgotten.
This thing is going to drive me completely crazy.
Of course, apparently only half of this was done:
https://forums.commentcamarche.net/forum/affich-13626817-windows-xp-qui-se-transforme-en-95?entiere#16
OK, so I did what was asked, and here is the report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named TeaTimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-412668190-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8287-79A187E26987} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8287-79A187E26987}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-412668190-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
C:\WINDOWS\System32\GPhotos.scr moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Télécharger avec IDM\ deleted successfully.
C:\Program Files\Internet Download Manager\IEExt.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Télécharger le contenu de video FLV avec IDM\ deleted successfully.
C:\Program Files\Internet Download Manager\IEGetVL.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Télécharger tous les liens avec IDM\ deleted successfully.
C:\Program Files\Internet Download Manager\IEGetAll.htm moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1911-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1911-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1911-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1911-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxYpOEu\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\tuvSKcDw scheduled to be deleted on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b77297fb-f8dc-11dd-9545-00147f2d15d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b77297fb-f8dc-11dd-9545-00147f2d15d9}\ not found.
File F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003331-1213\SCtri.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b77297fb-f8dc-11dd-9545-00147f2d15d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b77297fb-f8dc-11dd-9545-00147f2d15d9}\ not found.
File F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003331-1213\SCtri.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5FC93B4C deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B3D74A13 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5BB923A2 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F87C192A deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} not found.
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\maihichem@hotmail.fr moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM moved successfully.
C:\Documents and Settings\hiche\Application Data\Search Settings\kb127\temp moved successfully.
C:\Documents and Settings\hiche\Application Data\Search Settings\kb127\res moved successfully.
C:\Documents and Settings\hiche\Application Data\Search Settings\kb127 moved successfully.
C:\Documents and Settings\hiche\Application Data\Search Settings moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: All Users.WINDOWS
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: hiche
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 9033051 bytes
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38394 bytes
User: LocalService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: mai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41329103 bytes
User: mai.DECOMAI-42D9BB0
->Temp folder emptied: 1423 bytes
->Temporary Internet Files folder emptied: 542746 bytes
->Java cache emptied: 130697 bytes
->FireFox cache emptied: 47565246 bytes
->Google Chrome cache emptied: 6344829 bytes
User: MAI~1~DEC
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService.AUTORITE NT
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 100,26 mb
OTL by OldTimer - Version 3.0.10.3 log created on 07312009_173210
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\tuvSKcDw scheduled to be deleted on reboot.