Huge PC slowdown
Solved/Closed
94 replies
Unable to post a comment, so I'll try via cjoint:
http://www.cijoint.fr/cjlink.php?file=cj201103/cijxz5cBj4.txt
OK, that worked; I think the text was too long. I nearly gave up, I had to try 5 times!
Thank you
Anonymous user
27 March 2011 at 22:50
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because the tool is wrongly detected as an infection, since it contains a module used to stop processes and another used to take rights in the registry in order to perform deletions)
▶ Download here: List_Kill'em
and save it to your desktop
run the tool; it will stop the infectious processes, then, once the way is clear, it will download its add-on, which you will need to install
save it to your desktop and run the installation
(in the meantime, post "rapport.txt", which appeared on your desktop, before the end of the scan)
Leave checked:
♦ Executer List_Kill'em
once it has finished, click "terminer"
choose the Search option
▶ let the tool work
Warning: the tool may hang for an abnormally long time at 95%; relaunch it with the shortcut on the desktop without stopping it, then click the tiny "X" at the bottom of the program's welcome window, which will unblock it so it can finish its scan
▶ Post the reports that will appear on your desktop: List'em.txt and More.txt
▶▶▶ DO NOT POST THEM ON THE FORUM
To send them to me, click this link: http://www.cijoint.fr/
▶ Click Browse and select, one by one, the relevant files that appeared on your desktop
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
is added to the page.
▶ Copy these links into your reply.
Here is rapport.txt to start with:
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process_Killer by g3n-h@ckm@n 1.0.0.0 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Mis à jour le 24/03/2011 | 13.05 par g3n-h@ckm@n
Utilisateur : Rida (Administrateurs)
Ordinateur : RIDAN
Système d'exploitation : Microsoft Windows XP (32 bits)
Internet Explorer : 8.0.6001.18702
Mozilla Firefox : 3.6.13 (fr)
Scan : 21:55:08 | 11/04/2011
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKLM\..\..\Winlogon] | Shell -> Aucune modification : Explorer.exe -> Explorer.exe
[HKLM\..\..\Winlogon] | AutoRestartShell -> Modification apportée : 0 -> 1
[HKLM\..\..\Winlogon] | userinit -> Aucune modification : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\system32\userinit.exe,
[HKLM\..\..\Winlogon] | PowerDownAfterShutdown -> Modification apportée : 0 -> 1
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Associations ¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKCR\exefile\..\..\command] : "%1" %*
[HKCR\comfile\..\..\command] : "%1" %*
[HKCR\scrfile\..\..\command] : "%1" /S
[HKCR\batfile\..\..\command] : "%1" %*
[HKCR\piffile\..\..\command] : "%1" %*
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
explorer.exe -> Processus stoppé
explorer.exe -> Processus redémarré
¤¤¤¤¤¤¤¤¤¤ Clés supprimées et Fichier mis en quarantaine ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
[HKLM\..\..\Services\Ndisuio] | Start -> Aucune modification : 3 -> 3
[HKLM\..\..\Services\EapHost] | Start -> Modification apportée : 3 -> 2
[HKLM\..\..\Services\Wlansvc] | Start -> Modification apportée : -> 2
[HKLM\..\..\Services\SharedAccess] | Start -> Aucune modification : 2 -> 2
[HKLM\..\..\Services\windefend] | Start -> Modification apportée : -> 2
[HKLM\..\..\Services\wuauserv] | Start -> Aucune modification : 2 -> 2
[HKLM\..\..\Services\wscsvc] | Start -> Aucune modification : 2 -> 2
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
Anonymous user
27 March 2011 at 23:48
WARNING !! this script is intended for this machine only, do not reproduce it !!!!!
▶ Relaunch List&Kill'em with the shortcut on your desktop.
but this time:
▶ choose the Tools option, then Script
a black window will open briefly, and List_Kill'em will close
a new text document opens; copy/paste what is in bold below:
FILE:C:\WINDOWS\system32\unins000.exe
FILE:C:\Temps
REM:"HKEY_CURRENT_USER\software\Grand Virtual"
REM:HKEY_CURRENT_USER\software\Hotspot_Shield
REM:HKEY_CURRENT_USER\software\MediaFeed.me
REM:HKEY_CURRENT_USER\software\MHToolbar
REM:HKEY_CURRENT_USER\software\Radio_Bar_2
REM:"HKEY_CURRENT_USER\software\?? ?? ???? ????? ??? ?? ????"
REM:HKEY_LOCAL_MACHINE\software\Radio_Bar_2
REM:HKEY_LOCAL_MACHINE\software\WinPcap
▶ save the text document using its File tab (Save), then close it
let the tool work
▶ post the result
▶ Close List_Kill'em
Note: the report is on your desktop: Script_(4 digits).txt
Done :) the script file is below:
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Rida (Administrateurs)
Update on 20/03/2011 by g3n-h@ckm@n ::::: 19.40
Start at: 22:55:00 | 11/04/2011
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.100664296 [ Enabled | (!) Outdated ]
C:\ -> Disque fixe local | 48,83 Go (17,45 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 44,32 Go (29,94 Go free) | NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 967,72 Mo (965,27 Mo free) | FAT
H:\ -> Disque CD-ROM
Running Process Killed : PID 292 'explorer.exe'
Running Process Killed : PID 292 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Processus :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
Suppression : HKEY_CURRENT_USER\software\Grand Virtual
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
End at 22:57:56
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
I didn't disable anything, hmmm, well, for the scan at the beginning I did disable avast.
Then for the fix, right, I didn't disable it again (in my defence, it wasn't stated and I don't understand anything I'm doing!!!)
So what do I do now, do I have to start over from the beginning?
If I redo the last step with everything disabled, at least I think so, this is what I get:
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Rida (Administrateurs)
Update on 20/03/2011 by g3n-h@ckm@n ::::: 19.40
Start at: 23:33:24 | 11/04/2011
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.100664296 [ (!) Disabled | (!) Outdated ]
C:\ -> Disque fixe local | 48,83 Go (17,45 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 44,32 Go (29,94 Go free) | NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 967,72 Mo (965,27 Mo free) | FAT
H:\ -> Disque CD-ROM
Running Process Killed : PID 1716 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Processus :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
Suppression : HKEY_LOCAL_MACHINE\software\WinPcap
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
End at 23:33:48
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
Anonymous user
28 March 2011 at 00:42
ok, that makes two lol ^^
▶ Relaunch List_Kill'em with the shortcut on your desktop.
but this time:
▶ choose the Suppression option
▶▶▶ Click the button only once !!
let the tool work.
at the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop,
▶ paste its contents into your reply
▶ send the zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
Right then, here is the next part! Thanks again :)
Here is the Cjoint link for the upload... :
http://cjoint.com/?1dCaTzDvb5
Here is Kill'em.txt:
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.6 ¤¤¤¤¤¤¤¤¤¤
User : Rida (Administrateurs)
Update on 20/03/2011 by g3n-h@ckm@n ::::: 19.40
Start at: 23:51:21 | 11/04/2011
Intel(R) Pentium(R) M processor 1.73GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.100664296 [ (!) Disabled | (!) Outdated ]
C:\ -> Disque fixe local | 48,83 Go (17,45 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 44,32 Go (29,94 Go free) | NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible | 967,72 Mo (965,27 Mo free) | FAT
H:\ -> Disque CD-ROM
Killed : PID 1960 'explorer.exe'
Killed : PID 1960 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Fichiers | Dossiers
Mis en quarantaine : C:\Documents and Settings\Rida\.tmp
Mis en quarantaine : \msg.dat
Mis en quarantaine : \hb32.exe
Mis en quarantaine : C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
Mis en quarantaine : C:\WINDOWS\System32\ealregsnapshot1.reg
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
C:\WINDOWS\System32\Drivers\etc\hosts
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = http://www.google.com/
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Centre de securite ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
Ip6Fw -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\WINDOWS\System32\userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =
PowerdownAfterShutdown = 1
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
TDSS | svchost | Internet Explorer:
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK1031GAS rev.AA204A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfl.sys >>UNKNOWN [0x8678C938]<<
spfl.sys
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86743AB8]
3 CLASSPNP[0xF7670FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000080[0x867CD9E8]
5 ACPI[0xF73CE620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8671E940]
kernel: MBR read successfully
user & kernel MBR OK
Fin du Nettoyage : 23:54:18
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Done! Here is the OTL.txt file:
http://cjoint.com/?1dCbresaEll
And the extras file:
http://cjoint.com/?1dCbrXizoyS
Thanks :)
Anonymous user
28 March 2011 at 01:38
uninstall avast 5 and install avast 6
use this tool in safe mode:
http://files.avast.com/files/eng/aswclear.exe
Anonymous user
28 March 2011 at 14:48
close all windows and applications during the installation and the scan.
▶ Download here:
Malwarebytes
▶ Install it (make sure to choose "francais"; do not change the installation settings) and update it.
(NB: if you get an error message telling you that "COMCTL32.OCX" is missing during installation, download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very simple to use).
relaunch malwarebytes, following these instructions scrupulously:
! Disconnect and close all running applications !
▶ Launch Malwarebytes.
Run a scan of the type called "Complet".
▶ Let the program work (and do nothing else with the PC during the scan).
▶ at the end, click "résultat".
▶ Check that all infected objects are selected, then click "suppression".
▶ Note: if you need to restart your PC to finish the cleanup, do it!
▶ Post the report saved after the infected objects were removed (in the "rapport/log" tab of Malwarebytes, the most recent one)
That's what I should have run overnight!
Here is the result (is it normal that it removes everest poker on me?!):
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6192
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/04/2011 17:58:17
mbam-log-2011-04-12 (17-58-17).txt
Type d'examen: Examen complet (C:\|E:\|)
Elément(s) analysé(s): 220458
Temps écoulé: 3 heure(s), 52 minute(s), 50 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\documents and settings\Rida\Bureau\wirelesskeyview\wirelesskeyview.exe (PUP.WirelessKeyView) -> Quarantined and deleted successfully.
c:\documents and settings\Rida\mes documents\downloads\vlc-setup-3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\everest poker\cstart.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll.vir (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\everest poker.fr\cstart-tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\everest poker.fr\CStart.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\everest poker.fr\everest pokerfr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP530\A0359015.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP530\A0359085.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP530\A0359119.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP530\A0360146.exe (Trojan.VBKrypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP530\A0360199.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP531\A0361698.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0361976.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0361987.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0362001.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0362060.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0362077.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP534\A0363184.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP534\A0363258.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP535\A0363266.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP535\A0363401.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP535\A0363471.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363520.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363624.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363668.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363696.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP537\A0363912.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0361987.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0362001.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0362060.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP533\A0362077.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP534\A0363184.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP534\A0363258.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP535\A0363266.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP535\A0363401.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP535\A0363471.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363520.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363624.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363668.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP536\A0363696.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cab80282-7027-4f69-b9e0-3ac71b2d78c7}\RP537\A0363912.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
lol, so here is the OTL.txt file:
http://cjoint.com/?1dCuE9PgHM8
And here is the extras file:
http://cjoint.com/?1dCuFDbIi67
Anonymous user
28 March 2011 at 21:48
Download this tool:
http://www.teamxscript.org/too/Xplode/RstAssociations.exe
Run it, then tick ".scr", ".url", ".reg", ".txt"
WARNING!!! Script customized for this machine only, do not reuse it elsewhere!!
If you have XP => double-click
If you have Vista or Windows 7 => right-click, "executer en tant que...."
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Personnalisation":
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
[2009/03/17 20:50:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/10 20:48:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/11/28 17:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 22:49:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O4 - HKLM\..\Run: [KernelFaultCheck] File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
[2011/04/11 21:55:09 | 000,000,000 | ---D | C] -- C:\1st_Quarantine_L_K
[2011/04/11 22:31:00 | 000,004,926 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start"=3
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" to start the removal.
▶ Post the report, which should open by itself once the job is finished, after the reboot.
And there you go! Thanks in advance!
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: "" removed from extensions.enabledItems
Prefs.js: "" removed from extensions.enabledItems
Prefs.js: "" removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\1st_Quarantine_L_K folder moved successfully.
C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr\\"Start"|3 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Rida
->Temp folder emptied: 2287367 bytes
->Temporary Internet Files folder emptied: 6024460 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 59248802 bytes
->Flash cache emptied: 1411 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 65,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_205942
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
Registry entries deleted on Reboot...
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\1st_Quarantine_L_K folder moved successfully.
C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr\\"Start"|3 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Rida
->Temp folder emptied: 2287367 bytes
->Temporary Internet Files folder emptied: 6024460 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 59248802 bytes
->Flash cache emptied: 1411 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 65,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_205942
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
Registry entries deleted on Reboot...