Infection supprimée ?
Résolu
sorcierinfernal
Messages postés
763
Date d'inscription
Statut
Membre
Dernière intervention
-
Utilisateur anonyme -
Utilisateur anonyme -
A voir également:
- Infection supprimée ?
- Recuperer une conversation whatsapp supprimée - Guide
- Annonce supprimée le bon coin - Forum Services en ligne
- Récupérer une conversation messenger supprimée - Guide
- Invitation facebook supprimée par erreur - Forum Webmastering
- Comment récupérer une imprimante supprimée par erreur - Forum Imprimante
48 réponses
sorcierinfernal
Messages postés
763
Date d'inscription
Statut
Membre
Dernière intervention
76
Tout de suite :D
ATTENTION !! ce script est réservé uniquement à cette machine , ne pas reproduire !!!!!
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Tools puis Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
un nouveau document texte s'ouvre , copie/colle ce en gras si dessous :
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "TkBellExe"
ADD:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "PowerdownAfterShutdown" /t REG_SZ /d 1
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2E485DEF-0DB3-2C4B-60F2-D02006D0B1F2}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8F875D1F-AF0E-196E-8D08-10CE08DFB5E9}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A41E52E5-51C7-F5A7-2B83-811105937945}"
REM:HKEY_CURRENT_USER\software\ImInstaller
REM:HKEY_LOCAL_MACHINE\software\ImInstaller
REM:HKEY_LOCAL_MACHINE\software\McAfeeInstaller
REM:HKEY_LOCAL_MACHINE\software\Norton
REM:HKEY_LOCAL_MACHINE\software\Symantec
REM:HKEY_CURRENT_USER\software\Norton
KLOOK:HKEY_LOCAL_MACHINE\software\Zabersoft
REM:"HKEY_LOCAL_MACHINE\software\Safer Networking Limited"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "TCP Query User{39F09022-DCA2-45E2-8884-A490ECC429C3}C:\program files\dap\dap.exe"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "UDP Query User{6D9443BB-C40F-4B2B-8F33-2217BE7E8189}C:\program files\dap\dap.exe"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{3BC3C460-E228-40FB-BC30-09E6A667FD44}"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{C738FB2C-D319-4BD2-9C40-2963A8DBF0B0}"
SIGN:C:\Windows\System32\actskn43.ocx
SIGN:C:\Windows\System32\MSLUR71.dll
FILE:C:\Windows\System32\temp.000
FILE:C:\Windows\System32\temp.001
FILE:C:\Windows\System32\temp.002
FILE:C:\Windows\System32\temp.003
FILE:C:\Windows\System32\temp.004
FILE:C:\Windows\System32\temp.005
FILE:C:\Windows\System32\temp.006
FILE:C:\Windows\System32\temp.007
FILE:C:\Windows\System32\temp.008
FILE:C:\Windows\System32\temp.009
FILE:C:\Windows\System32\temp.00A
FILE:C:\Windows\System32\temp.00B
FILE:C:\Windows\System32\temp.00C
FILE:C:\Windows\System32\temp.00D
FILE:C:\Windows\System32\temp.00E
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
laisse travailler l'outil
▶ poste le resultat
▶ Ferme List_Kill'em
Note : le rapport est sur ton bureau : Script_(4 chiffres).txt
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Tools puis Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
un nouveau document texte s'ouvre , copie/colle ce en gras si dessous :
REM:"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "TkBellExe"
ADD:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "PowerdownAfterShutdown" /t REG_SZ /d 1
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2E485DEF-0DB3-2C4B-60F2-D02006D0B1F2}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8F875D1F-AF0E-196E-8D08-10CE08DFB5E9}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A41E52E5-51C7-F5A7-2B83-811105937945}"
REM:HKEY_CURRENT_USER\software\ImInstaller
REM:HKEY_LOCAL_MACHINE\software\ImInstaller
REM:HKEY_LOCAL_MACHINE\software\McAfeeInstaller
REM:HKEY_LOCAL_MACHINE\software\Norton
REM:HKEY_LOCAL_MACHINE\software\Symantec
REM:HKEY_CURRENT_USER\software\Norton
KLOOK:HKEY_LOCAL_MACHINE\software\Zabersoft
REM:"HKEY_LOCAL_MACHINE\software\Safer Networking Limited"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "TCP Query User{39F09022-DCA2-45E2-8884-A490ECC429C3}C:\program files\dap\dap.exe"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "UDP Query User{6D9443BB-C40F-4B2B-8F33-2217BE7E8189}C:\program files\dap\dap.exe"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{3BC3C460-E228-40FB-BC30-09E6A667FD44}"
REM:"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{C738FB2C-D319-4BD2-9C40-2963A8DBF0B0}"
SIGN:C:\Windows\System32\actskn43.ocx
SIGN:C:\Windows\System32\MSLUR71.dll
FILE:C:\Windows\System32\temp.000
FILE:C:\Windows\System32\temp.001
FILE:C:\Windows\System32\temp.002
FILE:C:\Windows\System32\temp.003
FILE:C:\Windows\System32\temp.004
FILE:C:\Windows\System32\temp.005
FILE:C:\Windows\System32\temp.006
FILE:C:\Windows\System32\temp.007
FILE:C:\Windows\System32\temp.008
FILE:C:\Windows\System32\temp.009
FILE:C:\Windows\System32\temp.00A
FILE:C:\Windows\System32\temp.00B
FILE:C:\Windows\System32\temp.00C
FILE:C:\Windows\System32\temp.00D
FILE:C:\Windows\System32\temp.00E
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
laisse travailler l'outil
▶ poste le resultat
▶ Ferme List_Kill'em
Note : le rapport est sur ton bureau : Script_(4 chiffres).txt
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re bonjour !
List_Kill'em ne fonctionne plus... J'étais obligé de le supprimer à la rache (supprimer le dossier de fichiers) et quand j'essaie de le réinstaller : même erreur : "Windows ne parvien pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié... bla bla.."
Voila, je suis bien embêté maintenant !
List_Kill'em ne fonctionne plus... J'étais obligé de le supprimer à la rache (supprimer le dossier de fichiers) et quand j'essaie de le réinstaller : même erreur : "Windows ne parvien pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié... bla bla.."
Voila, je suis bien embêté maintenant !
Voici donc le rapport :
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
Added : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" : "PowerdownAfterShutdown" /t REG_SZ /d 1
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" : "TkBellExe"
Deleted : HKEY_LOCAL_MACHINE\software\Safer Networking Limited
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "TCP Query User{39F09022-DCA2-45E2-8884-A490ECC429C3}C:\program files\dap\dap.exe"
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "UDP Query User{6D9443BB-C40F-4B2B-8F33-2217BE7E8189}C:\program files\dap\dap.exe"
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "{3BC3C460-E228-40FB-BC30-09E6A667FD44}"
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "{C738FB2C-D319-4BD2-9C40-2963A8DBF0B0}"
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
Deleted !! : C:\Windows\System32\temp.000
Deleted !! : C:\Windows\System32\temp.001
Deleted !! : C:\Windows\System32\temp.002
Deleted !! : C:\Windows\System32\temp.003
Deleted !! : C:\Windows\System32\temp.004
Deleted !! : C:\Windows\System32\temp.005
Deleted !! : C:\Windows\System32\temp.006
Deleted !! : C:\Windows\System32\temp.007
Deleted !! : C:\Windows\System32\temp.008
Deleted !! : C:\Windows\System32\temp.009
Deleted !! : C:\Windows\System32\temp.00A
Deleted !! : C:\Windows\System32\temp.00B
Deleted !! : C:\Windows\System32\temp.00C
Deleted !! : C:\Windows\System32\temp.00D
Deleted !! : C:\Windows\System32\temp.00E
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
c:\windows\system32\actskn43.ocx:
Verified: Unsigned
File date: 02:07 15/05/2003
Publisher:
Description: ActiveSkin Module
Product: ActiveSkin Module
Version: 4, 3, 0, 0
File version: 4, 3, 0, 0
Strong Name: Unsigned
Original Name: actskn43.ocx
Internal Name: ActiveSkin
Copyright: Copyright (C) 2001-2002 SoftShape Development
Comments:
MD5: 958dd02d69dc43406810d62a607dfd1d
SHA1: 8928b0bcd4ef25fed0e9809ea9c5fb14850fc34d
SHA256: 5e6fbb1afff99f4b61f6ec281adafd46c8bc86bcd0550d5b59c873b8ecf48106
c:\windows\system32\MSLUR71.dll:
Verified: Unsigned
File date: 17:00 29/01/2011
Publisher: Sample Corporation
Description: User-Generated Microsoft (R) C/C++ Runtime Library
Product: Sample Application DLL
Version: 7.10.0000
File version: 7.10.0000
Strong Name: Unsigned
Original Name: _SAMPLE_.DLL
Internal Name: _SAMPLE_.DLL
Copyright: Copyright (C) Microsoft Corporation.
Comments: n/a
MD5: 958dd02d69dc43406810d62a607dfd1d
SHA1: 8928b0bcd4ef25fed0e9809ea9c5fb14850fc34d
SHA256: 5e6fbb1afff99f4b61f6ec281adafd46c8bc86bcd0550d5b59c873b8ecf48106
c:\windows\system32\MSLUR71.dll:
Verified: Unsigned
File date: 17:00 29/01/2011
Publisher: Sample Corporation
Description: User-Generated Microsoft (R) C/C++ Runtime Library
Product: Sample Application DLL
Version: 7.10.0000
File version: 7.10.0000
MD5: 42fe78b9671fa5a7337883d15263c249
SHA1: bd02e73f8684247a535c3bed296731c56f4795df
SHA256: 5577dbe8498713637541c9de21b021710dd5de68f9a13c589ec99a92409913fc
¤¤¤¤¤¤¤¤¤¤ Key Look :
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2d46b6dc-2207-486b-b523-a557e6d54b47}
<NO NAME> REG_SZ Internet Explorer
ComponentID REG_SZ ClearIconCache
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
StubPath REG_SZ C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Version REG_SZ 9,0,7930,16406
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2e485def-0db3-2c4b-60f2-d02006d0b1f2}
<NO NAME> REG_SZ Java (Sun)
ComponentID REG_SZ JAVAVM
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 5,0,5000,0
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8f875d1f-af0e-196e-8d08-10ce08dfb5e9}
<NO NAME> REG_SZ Microsoft Windows Media Player 12.0
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 12,0,7600,16415
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a41e52e5-51c7-f5a7-2b83-811105937945}
<NO NAME> REG_SZ Internet Explorer
ComponentID REG_SZ IEACCESS
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 8,0,7600,17136
Error: Key: software\zabersoft does not exist!
End at 21:38:37
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
Il m'a demandé d'accepter un truc, je l'ai fait...
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
Added : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" : "PowerdownAfterShutdown" /t REG_SZ /d 1
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" : "TkBellExe"
Deleted : HKEY_LOCAL_MACHINE\software\Safer Networking Limited
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "TCP Query User{39F09022-DCA2-45E2-8884-A490ECC429C3}C:\program files\dap\dap.exe"
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "UDP Query User{6D9443BB-C40F-4B2B-8F33-2217BE7E8189}C:\program files\dap\dap.exe"
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "{3BC3C460-E228-40FB-BC30-09E6A667FD44}"
Deleted : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" : "{C738FB2C-D319-4BD2-9C40-2963A8DBF0B0}"
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
Deleted !! : C:\Windows\System32\temp.000
Deleted !! : C:\Windows\System32\temp.001
Deleted !! : C:\Windows\System32\temp.002
Deleted !! : C:\Windows\System32\temp.003
Deleted !! : C:\Windows\System32\temp.004
Deleted !! : C:\Windows\System32\temp.005
Deleted !! : C:\Windows\System32\temp.006
Deleted !! : C:\Windows\System32\temp.007
Deleted !! : C:\Windows\System32\temp.008
Deleted !! : C:\Windows\System32\temp.009
Deleted !! : C:\Windows\System32\temp.00A
Deleted !! : C:\Windows\System32\temp.00B
Deleted !! : C:\Windows\System32\temp.00C
Deleted !! : C:\Windows\System32\temp.00D
Deleted !! : C:\Windows\System32\temp.00E
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
c:\windows\system32\actskn43.ocx:
Verified: Unsigned
File date: 02:07 15/05/2003
Publisher:
Description: ActiveSkin Module
Product: ActiveSkin Module
Version: 4, 3, 0, 0
File version: 4, 3, 0, 0
Strong Name: Unsigned
Original Name: actskn43.ocx
Internal Name: ActiveSkin
Copyright: Copyright (C) 2001-2002 SoftShape Development
Comments:
MD5: 958dd02d69dc43406810d62a607dfd1d
SHA1: 8928b0bcd4ef25fed0e9809ea9c5fb14850fc34d
SHA256: 5e6fbb1afff99f4b61f6ec281adafd46c8bc86bcd0550d5b59c873b8ecf48106
c:\windows\system32\MSLUR71.dll:
Verified: Unsigned
File date: 17:00 29/01/2011
Publisher: Sample Corporation
Description: User-Generated Microsoft (R) C/C++ Runtime Library
Product: Sample Application DLL
Version: 7.10.0000
File version: 7.10.0000
Strong Name: Unsigned
Original Name: _SAMPLE_.DLL
Internal Name: _SAMPLE_.DLL
Copyright: Copyright (C) Microsoft Corporation.
Comments: n/a
MD5: 958dd02d69dc43406810d62a607dfd1d
SHA1: 8928b0bcd4ef25fed0e9809ea9c5fb14850fc34d
SHA256: 5e6fbb1afff99f4b61f6ec281adafd46c8bc86bcd0550d5b59c873b8ecf48106
c:\windows\system32\MSLUR71.dll:
Verified: Unsigned
File date: 17:00 29/01/2011
Publisher: Sample Corporation
Description: User-Generated Microsoft (R) C/C++ Runtime Library
Product: Sample Application DLL
Version: 7.10.0000
File version: 7.10.0000
MD5: 42fe78b9671fa5a7337883d15263c249
SHA1: bd02e73f8684247a535c3bed296731c56f4795df
SHA256: 5577dbe8498713637541c9de21b021710dd5de68f9a13c589ec99a92409913fc
¤¤¤¤¤¤¤¤¤¤ Key Look :
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2d46b6dc-2207-486b-b523-a557e6d54b47}
<NO NAME> REG_SZ Internet Explorer
ComponentID REG_SZ ClearIconCache
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
StubPath REG_SZ C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Version REG_SZ 9,0,7930,16406
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2e485def-0db3-2c4b-60f2-d02006d0b1f2}
<NO NAME> REG_SZ Java (Sun)
ComponentID REG_SZ JAVAVM
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 5,0,5000,0
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8f875d1f-af0e-196e-8d08-10ce08dfb5e9}
<NO NAME> REG_SZ Microsoft Windows Media Player 12.0
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 12,0,7600,16415
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a41e52e5-51c7-f5a7-2b83-811105937945}
<NO NAME> REG_SZ Internet Explorer
ComponentID REG_SZ IEACCESS
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 8,0,7600,17136
Error: Key: software\zabersoft does not exist!
End at 21:38:37
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
Il m'a demandé d'accepter un truc, je l'ai fait...
tu as bien fait :)
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
▶▶▶ Ne clique qu'une seule fois sur le bouton !!
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ envoie le zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
▶▶▶ Ne clique qu'une seule fois sur le bouton !!
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ envoie le zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
Voili voilou !
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
Killed : PID 2732 'Msnmsgr.exe'
Killed : PID 2732 'Msnmsgr.exe'
Killed : PID 2044 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = http://www.google.com/
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
FirstRunDisabled = 1 (0x1)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
UacDisableNotify = 0 (0x0)
AntispywareOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 3
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: FUJITSU_ rev.0040 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver
1 ntkrnlpa!IofCallDriver[0x8388F448] -> \Device\Harddisk0\DR0[0x86521AC8]
3 CLASSPNP[0x845AD59E] -> ntkrnlpa!IofCallDriver[0x8388F448] -> \Device\Ide\IAAStorageDevice-1[0x86E3D028]
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 14:56:35
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
et le fichier .zip
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
Killed : PID 2732 'Msnmsgr.exe'
Killed : PID 2732 'Msnmsgr.exe'
Killed : PID 2044 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = http://www.google.com/
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
FirstRunDisabled = 1 (0x1)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
InternetSettingsDisableNotify = 0 (0x0)
AutoUpdateDisableNotify = 0 (0x0)
UacDisableNotify = 0 (0x0)
AntispywareOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 3
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\Windows\System32\userinit.exe,
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: FUJITSU_ rev.0040 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver
1 ntkrnlpa!IofCallDriver[0x8388F448] -> \Device\Harddisk0\DR0[0x86521AC8]
3 CLASSPNP[0x845AD59E] -> ntkrnlpa!IofCallDriver[0x8388F448] -> \Device\Ide\IAAStorageDevice-1[0x86E3D028]
kernel: MBR read successfully
user & kernel MBR OK
End of Scan : 14:56:35
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
et le fichier .zip
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
Edit::
c'est toi qui as installé ca ? :
c:\program files\Keyboard Logger
G3?-?@¢??@?......Concepteur de List_Kill'em...
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
Edit::
c'est toi qui as installé ca ? :
c:\program files\Keyboard Logger
G3?-?@¢??@?......Concepteur de List_Kill'em...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: chrome.exe
Submission date: 2011-02-18 16:29:29 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.140 2011.02.18 -
Antiy-AVL 2.0.3.7 2011.02.18 -
Avast 4.8.1351.0 2011.02.18 -
Avast5 5.0.677.0 2011.02.18 -
AVG 10.0.0.1190 2011.02.18 -
BitDefender 7.2 2011.02.18 -
CAT-QuickHeal 11.00 2011.02.18 -
ClamAV 0.96.4.0 2011.02.18 -
Commtouch 5.2.11.5 2011.02.18 -
Comodo 7732 2011.02.18 -
DrWeb 5.0.2.03300 2011.02.18 -
Emsisoft 5.1.0.2 2011.02.18 -
eSafe 7.0.17.0 2011.02.17 -
eTrust-Vet 36.1.8168 2011.02.18 -
F-Prot 4.6.2.117 2011.02.18 -
F-Secure 9.0.16160.0 2011.02.18 -
Fortinet 4.2.254.0 2011.02.18 -
GData 21 2011.02.18 -
Ikarus T3.1.1.97.0 2011.02.18 -
Jiangmin 13.0.900 2011.02.18 -
K7AntiVirus 9.87.3898 2011.02.18 -
Kaspersky 7.0.0.125 2011.02.18 -
McAfee 5.400.0.1158 2011.02.18 -
McAfee-GW-Edition 2010.1C 2011.02.18 -
Microsoft 1.6502 2011.02.18 -
NOD32 5886 2011.02.18 -
Norman 6.07.03 2011.02.18 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.18 -
PCTools 7.0.3.5 2011.02.18 -
Prevx 3.0 2011.02.18 -
Rising 23.45.04.06 2011.02.18 -
Sophos 4.61.0 2011.02.18 -
SUPERAntiSpyware 4.40.0.1006 2011.02.18 -
Symantec 20101.3.0.103 2011.02.18 -
TheHacker 6.7.0.1.132 2011.02.17 -
TrendMicro 9.200.0.1012 2011.02.18 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
VBA32 3.12.14.3 2011.02.18 -
VIPRE 8462 2011.02.18 -
ViRobot 2011.2.18.4317 2011.02.18 -
VirusBuster 13.6.207.0 2011.02.18 -
Additional informationShow all
MD5 : de86d371b2517562e91905d104c186fc
SHA1 : abd41d4555916815c379e47cd2e3df6ab4afa22a
SHA256: 38b34bbccbfff55acb69231a88232f57cf6e73dd3b8f7cd550a63607fee61bc4
VT Community
File name: chrome.exe
Submission date: 2011-02-18 16:29:29 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community
not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.140 2011.02.18 -
Antiy-AVL 2.0.3.7 2011.02.18 -
Avast 4.8.1351.0 2011.02.18 -
Avast5 5.0.677.0 2011.02.18 -
AVG 10.0.0.1190 2011.02.18 -
BitDefender 7.2 2011.02.18 -
CAT-QuickHeal 11.00 2011.02.18 -
ClamAV 0.96.4.0 2011.02.18 -
Commtouch 5.2.11.5 2011.02.18 -
Comodo 7732 2011.02.18 -
DrWeb 5.0.2.03300 2011.02.18 -
Emsisoft 5.1.0.2 2011.02.18 -
eSafe 7.0.17.0 2011.02.17 -
eTrust-Vet 36.1.8168 2011.02.18 -
F-Prot 4.6.2.117 2011.02.18 -
F-Secure 9.0.16160.0 2011.02.18 -
Fortinet 4.2.254.0 2011.02.18 -
GData 21 2011.02.18 -
Ikarus T3.1.1.97.0 2011.02.18 -
Jiangmin 13.0.900 2011.02.18 -
K7AntiVirus 9.87.3898 2011.02.18 -
Kaspersky 7.0.0.125 2011.02.18 -
McAfee 5.400.0.1158 2011.02.18 -
McAfee-GW-Edition 2010.1C 2011.02.18 -
Microsoft 1.6502 2011.02.18 -
NOD32 5886 2011.02.18 -
Norman 6.07.03 2011.02.18 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.18 -
PCTools 7.0.3.5 2011.02.18 -
Prevx 3.0 2011.02.18 -
Rising 23.45.04.06 2011.02.18 -
Sophos 4.61.0 2011.02.18 -
SUPERAntiSpyware 4.40.0.1006 2011.02.18 -
Symantec 20101.3.0.103 2011.02.18 -
TheHacker 6.7.0.1.132 2011.02.17 -
TrendMicro 9.200.0.1012 2011.02.18 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
VBA32 3.12.14.3 2011.02.18 -
VIPRE 8462 2011.02.18 -
ViRobot 2011.2.18.4317 2011.02.18 -
VirusBuster 13.6.207.0 2011.02.18 -
Additional informationShow all
MD5 : de86d371b2517562e91905d104c186fc
SHA1 : abd41d4555916815c379e47cd2e3df6ab4afa22a
SHA256: 38b34bbccbfff55acb69231a88232f57cf6e73dd3b8f7cd550a63607fee61bc4
VT Community
refais OTL stp
désolé pour le temps mais je suis sur 3 os differents dans le meme pc donc pas dispo 24/24
désolé pour le temps mais je suis sur 3 os differents dans le meme pc donc pas dispo 24/24
telecharge ca :
http://www.teamxscript.org/too/Xplode/RstAssociations.exe
coche tout puis "OK"
=======================================
ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
Bonjour Service
:OTL
IE - HKU\S-1-5-21-3369345975-770697619-2869376061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/proxy.pac
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
:Reg
:Files
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
http://www.teamxscript.org/too/Xplode/RstAssociations.exe
coche tout puis "OK"
=======================================
ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
Bonjour Service
:OTL
IE - HKU\S-1-5-21-3369345975-770697619-2869376061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9000/proxy.pac
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
:Reg
:Files
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
Scan d'OTL
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
========== REGISTRY ==========
========== FILES ==========
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: gabriel
->Temp folder emptied: 3382792 bytes
->Temporary Internet Files folder emptied: 5276295 bytes
->Java cache emptied: 102600 bytes
->FireFox cache emptied: 37345861 bytes
->Google Chrome cache emptied: 63688559 bytes
->Opera cache emptied: 272 bytes
->Flash cache emptied: 56973 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328057 bytes
->FireFox cache emptied: 97057306 bytes
->Flash cache emptied: 1506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3234 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 198,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_212706
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Merci ! Tu as fait remarché mon Opera...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
========== REGISTRY ==========
========== FILES ==========
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: gabriel
->Temp folder emptied: 3382792 bytes
->Temporary Internet Files folder emptied: 5276295 bytes
->Java cache emptied: 102600 bytes
->FireFox cache emptied: 37345861 bytes
->Google Chrome cache emptied: 63688559 bytes
->Opera cache emptied: 272 bytes
->Flash cache emptied: 56973 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328057 bytes
->FireFox cache emptied: 97057306 bytes
->Flash cache emptied: 1506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3234 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 198,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_212706
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Merci ! Tu as fait remarché mon Opera...