Analyse pc avec Navilog1
giblotte
Messages postés
61
Statut
Membre
-
giblotte -
giblotte -
Bonjour,
Je ne peux naviguer sur internet sans qu'il y est des pop-up qui envahissent mon pc.
J'ai fait une analyse avec NAVILOG1. Je vous poste le rapport. Pourriez vous me dire ce que je dois faire ensuite ?
Merci de votre aide.
Le rapport :
Search Navipromo version 3.4.3 commencé le 07/02/2008 à 17:53:20,04
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 06.02.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
MessengerSkinner
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
C:\Program Files\MessengerSkinner trouvé !
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Laurence Glaser\application data" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\Laurence Glaser\local settings\application data" ***
*** Recherche dossiers dans "C:\Documents and Settings\Laurence Glaser\MENUDM~1\PROGRA~1" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\WINDOWS\system32\nzixciexl.dat
C:\WINDOWS\system32\nzixciexl.exe
C:\WINDOWS\system32\nzixciexl_nav.dat
C:\WINDOWS\system32\nzixciexl_navps.dat
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
Fichiers trouvés :
crqibm.exe trouvé !
efffmenxh.exe trouvé !
qeqztnb.exe trouvé !
qompltnnv.exe trouvé !
ulflyflsm.exe trouvé !
yxxdvsx.exe trouvé !
ajeojs.exe trouvé !
bwnukbxsf.exe trouvé !
ctigrtl.exe trouvé !
dgqdyh.exe trouvé !
eihzdnyp.exe trouvé !
evfysdt.exe trouvé !
fbdotl.exe trouvé !
fpioziylzp.exe trouvé !
ikvxsdrwz.exe trouvé !
jnuervrt.exe trouvé !
ksmkul.exe trouvé !
macesj.exe trouvé !
mhsseybkb.exe trouvé !
qunmpz.exe trouvé !
skaawwn.exe trouvé !
tagddzd.exe trouvé !
yfffzpoq.exe trouvé !
Fichiers suspects :
C:\WINDOWS\system32\jwygqnb.exe trouvé !
* Recherche dans "C:\Documents and Settings\Laurence Glaser\local settings\application data" *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
ckvrjiyvt.dat trouvé !
lsstoqfx.dat trouvé !
nzixciexl.dat trouvé !
whixijybkt.dat trouvé !
ckvrjiyvt_nav.dat trouvé !
lsstoqfx_nav.dat trouvé !
nzixciexl_nav.dat trouvé !
whixijybkt_nav.dat trouvé !
* Dans "C:\Documents and Settings\Laurence Glaser\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup trouvé !
4)Recherche fichiers connus :
*** Analyse terminée le 07/02/2008 à 17:57:15,32 ***
Je ne peux naviguer sur internet sans qu'il y est des pop-up qui envahissent mon pc.
J'ai fait une analyse avec NAVILOG1. Je vous poste le rapport. Pourriez vous me dire ce que je dois faire ensuite ?
Merci de votre aide.
Le rapport :
Search Navipromo version 3.4.3 commencé le 07/02/2008 à 17:53:20,04
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 06.02.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
MessengerSkinner
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
C:\Program Files\MessengerSkinner trouvé !
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Laurence Glaser\application data" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\Laurence Glaser\local settings\application data" ***
*** Recherche dossiers dans "C:\Documents and Settings\Laurence Glaser\MENUDM~1\PROGRA~1" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\WINDOWS\system32\nzixciexl.dat
C:\WINDOWS\system32\nzixciexl.exe
C:\WINDOWS\system32\nzixciexl_nav.dat
C:\WINDOWS\system32\nzixciexl_navps.dat
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
Fichiers trouvés :
crqibm.exe trouvé !
efffmenxh.exe trouvé !
qeqztnb.exe trouvé !
qompltnnv.exe trouvé !
ulflyflsm.exe trouvé !
yxxdvsx.exe trouvé !
ajeojs.exe trouvé !
bwnukbxsf.exe trouvé !
ctigrtl.exe trouvé !
dgqdyh.exe trouvé !
eihzdnyp.exe trouvé !
evfysdt.exe trouvé !
fbdotl.exe trouvé !
fpioziylzp.exe trouvé !
ikvxsdrwz.exe trouvé !
jnuervrt.exe trouvé !
ksmkul.exe trouvé !
macesj.exe trouvé !
mhsseybkb.exe trouvé !
qunmpz.exe trouvé !
skaawwn.exe trouvé !
tagddzd.exe trouvé !
yfffzpoq.exe trouvé !
Fichiers suspects :
C:\WINDOWS\system32\jwygqnb.exe trouvé !
* Recherche dans "C:\Documents and Settings\Laurence Glaser\local settings\application data" *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
ckvrjiyvt.dat trouvé !
lsstoqfx.dat trouvé !
nzixciexl.dat trouvé !
whixijybkt.dat trouvé !
ckvrjiyvt_nav.dat trouvé !
lsstoqfx_nav.dat trouvé !
nzixciexl_nav.dat trouvé !
whixijybkt_nav.dat trouvé !
* Dans "C:\Documents and Settings\Laurence Glaser\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup trouvé !
4)Recherche fichiers connus :
*** Analyse terminée le 07/02/2008 à 17:57:15,32 ***
A voir également:
- Analyse pc avec Navilog1
- Reinitialiser pc - Guide
- Pc lent - Guide
- Analyse composant pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Analyse performance pc - Guide
147 réponses
Je n'en suis pas vraiment sur. Mais j'ai cherché et je ne l'ai pas trouvé !!!
Enfin, si je l'ai ça veut dire que j'avais 3 anti virus !!!!!!!!!!!! Pas suffisant contre les attaques !!!!!!!!!
Je te souhaite une bonne nuit et à demain pour la suite.....
Enfin, si je l'ai ça veut dire que j'avais 3 anti virus !!!!!!!!!!!! Pas suffisant contre les attaques !!!!!!!!!
Je te souhaite une bonne nuit et à demain pour la suite.....
Re ,
Selon moi , F-secure est toujours actif...
-------> Conflits !
Donc tu vas désinstaller Antivir via ' ajout et suppression de programmes ' cherche 'Avira Antivir' ou 'antivir' .
Redémarre
Après va dans 'poste de travail ' C:\programmes\Avira supprime le dossier en gras.
*******************************************************
Télécharge Cleanup
Lance-le et choisi l'option ' cleanup! '
Tuto: http://pageperso.aol.fr/balltrap34/democleanup.htm ( merci à balltrap34 )
********************************
Télécharge clean : http://www.malekal.com/download/clean.zip
Une fois téléchargé et dézippé ( clique droit , extraire tout) , lance clean.cmd ( ou clean ), Choisi l'option 1 et poste moi le rapport.(- Où est le rapport clean ? : « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )
***************
Voila tiens moi au jus
Bonne chance
a+
Selon moi , F-secure est toujours actif...
Enfin, si je l'ai ça veut dire que j'avais 3 anti virus !!!!!!!!!!!! Pas suffisant contre les attaques !!!!!!!!!Ben non justement , plus t'en as , moins tu es protégé !
-------> Conflits !
Donc tu vas désinstaller Antivir via ' ajout et suppression de programmes ' cherche 'Avira Antivir' ou 'antivir' .
Redémarre
Après va dans 'poste de travail ' C:\programmes\Avira supprime le dossier en gras.
*******************************************************
Télécharge Cleanup
Lance-le et choisi l'option ' cleanup! '
Tuto: http://pageperso.aol.fr/balltrap34/democleanup.htm ( merci à balltrap34 )
********************************
Télécharge clean : http://www.malekal.com/download/clean.zip
Une fois téléchargé et dézippé ( clique droit , extraire tout) , lance clean.cmd ( ou clean ), Choisi l'option 1 et poste moi le rapport.(- Où est le rapport clean ? : « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )
***************
Voila tiens moi au jus
Bonne chance
a+
OK je ferais ça demain..
Tout ça c'est pour désinstaller antivir et tout nettoyer ?
Mais si je ne retrouve pas F Secure ?
Tout ça c'est pour désinstaller antivir et tout nettoyer ?
Mais si je ne retrouve pas F Secure ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour Cyril
Alors non, je n'ai pas d'icone dans la barre de tache.
Si je désinstalle antivir et que je n'arrive pas à lancer F Secure, ça risque de poser problème ?
Est ce que je peux lancer cleanup dans désinstaller F Secure ?
A +
Alors non, je n'ai pas d'icone dans la barre de tache.
Si je désinstalle antivir et que je n'arrive pas à lancer F Secure, ça risque de poser problème ?
Est ce que je peux lancer cleanup dans désinstaller F Secure ?
A +
Autre chose, quand j'ai démarré mon ordi ce matin, j'avais un message : "Dellservice Monitor a rencontré un problème et doit fermer...."
Re ,
F-secure tu dois le trouver dans ' ajout et suppression de programmes ' il doit s'appeler ' pack sécurité ' ou F-secure !
Je ne veut pas te faire virer F-secure car il est mieux qu'Antivir ... mais je le répète selon ton rapport Hijackthis , F-secure est actif !
A+
Est ce que je peux lancer cleanup dans désinstaller F Secure ?Çà ne pose aucun problème.
F-secure tu dois le trouver dans ' ajout et suppression de programmes ' il doit s'appeler ' pack sécurité ' ou F-secure !
Je ne veut pas te faire virer F-secure car il est mieux qu'Antivir ... mais je le répète selon ton rapport Hijackthis , F-secure est actif !
A+
Rien du tout dans "ajout et suppression de programmes" !!!!!!!!!! Il doit être bien caché !!
Je lance clean up
Je lance clean up
RAPPORT CLEANUP :
CleanUp! started on 02/09/08 12:46:53.
...
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\no_photo_big_f[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\numberedlist[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\Num_05[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\Num_08[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\nz_download_icon_40x40[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\o5[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\ochranasouk[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\odr_global_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onebox[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_avis_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_jvfr_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_menu_off_droit[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_noir_gauche[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\or[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pageviewbidsdutchhighbidderbody_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\page[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\participer_transp[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\paysbas_mini[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic02[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic05[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic06[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic11[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pictos[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\picto_clientSpace[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\picto_idtgv[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\picto_suivi[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_01[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_07[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_back[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_mesinter[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_msg[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_rss[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\PID_476384_MSNFR_TASIA_234x60_apac[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pink_ball_home1[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pixel[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\plus-de[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\podpora[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\post_cor_bl[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\preloader[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\print-icon[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\print_shipping_label_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\productComparison[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\psv[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pt_download_icon_40x40[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\ratatouille-avp-2[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\ratatouille-disneyfr[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\recherche_ok[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\redirect[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\repost[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resizeimg[1].htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resize_vertical[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[1].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[2].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[3].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[4].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[5].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[6].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[7].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[8].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\retrieve_items_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rssico[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtCurve[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rte_tb[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[10] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[11] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[2] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[3] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[4] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[5] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[6] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[7] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[8] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[9] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[1].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[2].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[3].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[4].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sauve_qui_poule_616[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\saving[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sbhdr2_myEbayGuest_482x14[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\scripts[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\scripts[2].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sc_rest[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\search[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\secrets_668[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\send_mail[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sep_01_1[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sep_02[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\service04[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\service08[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\shadow-background-780x120[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\shared[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\show_ads[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sifr[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sifr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\signin_body_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sipka[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\siteMap[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sitewidemenu2[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sophos[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\soustitre_gauche[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[2].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[3].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[5].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[6].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\Spaces_profils[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\space[2].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\splash[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spodlista[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spupdateids[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\squiggly[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\standardcontent____69645[1].htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\surveiller_enchere[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\swf_1-EBW8T_300X250_0711120930_121107_02jan[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\t-register-big[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\t-results-big[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\T5XCA1ZI7N3CAQC0XHDCAWMU6UICAJDSYTCCA8VTXDDCA0R2KB1CAB1O8GZCA3M40WICAWN0OGJCANIKAHTCAVS5GXHCAZM2ERCCABHKZ3ECA5S0P0RCA2PQL2VCAZMYWIFCAAN6CR1CA7JVFEP.htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tabledeletecolumns[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tablesplitcell[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tabswelcome[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tab_4_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tab_8_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\textarea[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\textcolor[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tgar[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\titre1_droit[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\titre1_fin[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\titre_decision_parrainage[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\TLQCAI738F9CAZCBVD7CA52FEPVCA1FV4LSCAP2NGF1CAN2GQ8HCAH6T50SCA3ONY37CAKEPXICCA5W88CUCAN45S4XCAORQV5KCAJV014WCADF1KU9CAKZZ14DCAJNZH6ZCAPTKK70CAK2I5AN.htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toc[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toc[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toolbar.arrowright[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toolbar.collapse[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toolbar.end[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\top[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\top_head_02[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\top_priv_msgs[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tr_1402742342[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\uk[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\underline[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\unlink[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\violet[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\voir_profil_mini[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\warning[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wbk12.tmp - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\webtrendsbasecode2[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wlcm1[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wmp10service[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wm_com_v_rgb_15x15[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xajax[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[2].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[3].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[4].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[5].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[6].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[7].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xphoto[2].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\zh-cn[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\zoomwidth[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[10] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[11] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[2] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[3] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[4] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[5] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[6] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[7] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[8] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[9] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\_W0QQuprZ1QQsassZgiblotteQQsoprZ60149941QQsiteidZ71[1].htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\UU9AJZ9H\ADSAdClient31[1].htm - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\WINDOWS\Prefetch\9LAUNCH.EXE-32609CC0.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32.EXE-01080F7C.pf - deleted
C:\WINDOWS\Prefetch\ALBUMDB2.EXE-1F918EF2.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf - deleted
C:\WINDOWS\Prefetch\ASHMAISV.EXE-072F6A23.pf - deleted
C:\WINDOWS\Prefetch\AVAST.SETUP-295443AF.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-1A41E508.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-0ACAE2A3.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452[1].EXE-1E4A2F8C.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf - deleted
C:\WINDOWS\Prefetch\DLCCCOMS.EXE-2D331215.pf - deleted
C:\WINDOWS\Prefetch\DLCCJSWX.EXE-071BE6D2.pf - deleted
C:\WINDOWS\Prefetch\DLCCPSWX.EXE-2BA9239A.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf - deleted
C:\WINDOWS\Prefetch\FAMEH32.EXE-0EBF7DB8.pf - deleted
C:\WINDOWS\Prefetch\FSDIAG.EXE-0F2503E8.pf - deleted
C:\WINDOWS\Prefetch\FSHOTFIX.EXE-3A89324A.pf - deleted
C:\WINDOWS\Prefetch\FSPC.EXE-24CF053E.pf - deleted
C:\WINDOWS\Prefetch\FSUNINST.EXE-00938A62.pf - deleted
C:\WINDOWS\Prefetch\FXSSVC.EXE-140862E7.pf - deleted
C:\WINDOWS\Prefetch\GUARDGUI.EXE-2C1384C2.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-241EE54E.pf - deleted
C:\WINDOWS\Prefetch\HJT.EXE-12E00538.pf - deleted
C:\WINDOWS\Prefetch\HJT.EXE-339D51DA.pf - deleted
C:\WINDOWS\Prefetch\HTTPD.EXE-0C8DF0FA.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf - deleted
C:\WINDOWS\Prefetch\IGFXSRVC.EXE-1D88F978.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf - deleted
C:\WINDOWS\Prefetch\IPCONFIG.EXE-05D7908C.pf - deleted
C:\WINDOWS\Prefetch\KODNOTIF.EXE-00DBA4F5.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf - deleted
C:\WINDOWS\Prefetch\MSIMN.EXE-183B59AF.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf - deleted
C:\WINDOWS\Prefetch\MSNTBUP.EXE-05EA1CAC.pf - deleted
C:\WINDOWS\Prefetch\MSN_SL.EXE-2BF0761D.pf - deleted
C:\WINDOWS\Prefetch\NET.EXE-151FD66D.pf - deleted
C:\WINDOWS\Prefetch\NET1.EXE-02C3403D.pf - deleted
C:\WINDOWS\Prefetch\NETSTAT.EXE-04F18BC0.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\POLUTIL.EXE-200B8B6C.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-16574861.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf - deleted
C:\WINDOWS\Prefetch\ROUTE.EXE-25A167B5.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-58FA916C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6DF739B2.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-380C6CAC.pf - deleted
C:\WINDOWS\Prefetch\USNSVC.EXE-05B86444.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf - deleted
C:\WINDOWS\Prefetch\WKUFIND.EXE-1FB14C34.pf - deleted
C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-090074F0.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf - deleted
C:\WINDOWS\Prefetch\WMPNETWK.EXE-07A3BFF1.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
C:\WINDOWS\Prefetch\WUPDMGR.EXE-08F70643.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 170.7 MB of disk space from 17224 files.
CleanUp! finished on 02/09/08 12:47:32.
RAPPORT CLEAN :
09/02/2008 a 12:56:07,03
*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
!!!!!!!!!!!!!!!!!!
CleanUp! started on 02/09/08 12:46:53.
...
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\no_photo_big_f[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\numberedlist[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\Num_05[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\Num_08[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\nz_download_icon_40x40[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\o5[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\ochranasouk[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\odr_global_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onebox[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_avis_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_jvfr_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_menu_off_droit[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\onglet_noir_gauche[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\or[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pageviewbidsdutchhighbidderbody_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\page[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\participer_transp[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\paysbas_mini[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic02[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic05[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic06[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic11[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pictos[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\picto_clientSpace[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\picto_idtgv[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\picto_suivi[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_01[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_07[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_back[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_mesinter[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_msg[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pic_rss[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\PID_476384_MSNFR_TASIA_234x60_apac[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pink_ball_home1[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pixel[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\plus-de[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\podpora[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\post_cor_bl[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\preloader[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\print-icon[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\print_shipping_label_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\productComparison[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\psv[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\pt_download_icon_40x40[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\ratatouille-avp-2[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\ratatouille-disneyfr[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\recherche_ok[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\redirect[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\repost[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resizeimg[1].htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resize_vertical[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[1].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[2].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[3].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[4].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[5].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[6].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[7].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\resultado[8].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\retrieve_items_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rssico[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtCurve[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rte_tb[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[10] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[11] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[2] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[3] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[4] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[5] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[6] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[7] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[8] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm[9] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\rtm_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[1].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[2].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[3].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\r[4].txt - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sauve_qui_poule_616[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\saving[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sbhdr2_myEbayGuest_482x14[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\scripts[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\scripts[2].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sc_rest[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\search[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\secrets_668[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\send_mail[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sep_01_1[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sep_02[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\service04[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\service08[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\shadow-background-780x120[1].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\shared[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\show_ads[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sifr[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sifr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\signin_body_e5491fr[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sipka[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\siteMap[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sitewidemenu2[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\sophos[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\soustitre_gauche[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[2].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[3].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[5].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spacer[6].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\Spaces_profils[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\space[2].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\splash[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spodlista[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\spupdateids[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\squiggly[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\standardcontent____69645[1].htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\surveiller_enchere[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\swf_1-EBW8T_300X250_0711120930_121107_02jan[1].swf - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\t-register-big[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\t-results-big[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\T5XCA1ZI7N3CAQC0XHDCAWMU6UICAJDSYTCCA8VTXDDCA0R2KB1CAB1O8GZCA3M40WICAWN0OGJCANIKAHTCAVS5GXHCAZM2ERCCABHKZ3ECA5S0P0RCA2PQL2VCAZMYWIFCAAN6CR1CA7JVFEP.htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tabledeletecolumns[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tablesplitcell[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tabswelcome[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tab_4_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tab_8_off[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\textarea[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\textcolor[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tgar[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\titre1_droit[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\titre1_fin[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\titre_decision_parrainage[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\TLQCAI738F9CAZCBVD7CA52FEPVCA1FV4LSCAP2NGF1CAN2GQ8HCAH6T50SCA3ONY37CAKEPXICCA5W88CUCAN45S4XCAORQV5KCAJV014WCADF1KU9CAKZZ14DCAJNZH6ZCAPTKK70CAK2I5AN.htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toc[1].css - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toc[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toolbar.arrowright[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toolbar.collapse[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\toolbar.end[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\top[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\top_head_02[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\top_priv_msgs[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\tr_1402742342[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\uk[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\underline[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\unlink[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\violet[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\voir_profil_mini[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\warning[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wbk12.tmp - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\webtrendsbasecode2[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wlcm1[1].gif - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wmp10service[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\wm_com_v_rgb_15x15[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xajax[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[1].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[2].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[3].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[4].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[5].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[6].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xiti[7].js - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\xphoto[2].jpg - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\zh-cn[1].png - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\zoomwidth[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[10] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[11] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[1] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[2] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[3] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[4] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[5] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[6] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[7] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[8] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\[9] - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\PUQCDJLV\_W0QQuprZ1QQsassZgiblotteQQsoprZ60149941QQsiteidZ71[1].htm - deleted
C:\Documents and Settings\Laurence Glaser\Local Settings\Temporary Internet Files\Content.IE5\UU9AJZ9H\ADSAdClient31[1].htm - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\WINDOWS\Prefetch\9LAUNCH.EXE-32609CC0.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32.EXE-01080F7C.pf - deleted
C:\WINDOWS\Prefetch\ALBUMDB2.EXE-1F918EF2.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf - deleted
C:\WINDOWS\Prefetch\ASHMAISV.EXE-072F6A23.pf - deleted
C:\WINDOWS\Prefetch\AVAST.SETUP-295443AF.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-1A41E508.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-0ACAE2A3.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452[1].EXE-1E4A2F8C.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf - deleted
C:\WINDOWS\Prefetch\DLCCCOMS.EXE-2D331215.pf - deleted
C:\WINDOWS\Prefetch\DLCCJSWX.EXE-071BE6D2.pf - deleted
C:\WINDOWS\Prefetch\DLCCPSWX.EXE-2BA9239A.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf - deleted
C:\WINDOWS\Prefetch\FAMEH32.EXE-0EBF7DB8.pf - deleted
C:\WINDOWS\Prefetch\FSDIAG.EXE-0F2503E8.pf - deleted
C:\WINDOWS\Prefetch\FSHOTFIX.EXE-3A89324A.pf - deleted
C:\WINDOWS\Prefetch\FSPC.EXE-24CF053E.pf - deleted
C:\WINDOWS\Prefetch\FSUNINST.EXE-00938A62.pf - deleted
C:\WINDOWS\Prefetch\FXSSVC.EXE-140862E7.pf - deleted
C:\WINDOWS\Prefetch\GUARDGUI.EXE-2C1384C2.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-241EE54E.pf - deleted
C:\WINDOWS\Prefetch\HJT.EXE-12E00538.pf - deleted
C:\WINDOWS\Prefetch\HJT.EXE-339D51DA.pf - deleted
C:\WINDOWS\Prefetch\HTTPD.EXE-0C8DF0FA.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf - deleted
C:\WINDOWS\Prefetch\IGFXSRVC.EXE-1D88F978.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf - deleted
C:\WINDOWS\Prefetch\IPCONFIG.EXE-05D7908C.pf - deleted
C:\WINDOWS\Prefetch\KODNOTIF.EXE-00DBA4F5.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf - deleted
C:\WINDOWS\Prefetch\MSIMN.EXE-183B59AF.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf - deleted
C:\WINDOWS\Prefetch\MSNTBUP.EXE-05EA1CAC.pf - deleted
C:\WINDOWS\Prefetch\MSN_SL.EXE-2BF0761D.pf - deleted
C:\WINDOWS\Prefetch\NET.EXE-151FD66D.pf - deleted
C:\WINDOWS\Prefetch\NET1.EXE-02C3403D.pf - deleted
C:\WINDOWS\Prefetch\NETSTAT.EXE-04F18BC0.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\POLUTIL.EXE-200B8B6C.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-16574861.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf - deleted
C:\WINDOWS\Prefetch\ROUTE.EXE-25A167B5.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-58FA916C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6DF739B2.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-380C6CAC.pf - deleted
C:\WINDOWS\Prefetch\USNSVC.EXE-05B86444.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf - deleted
C:\WINDOWS\Prefetch\WKUFIND.EXE-1FB14C34.pf - deleted
C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-090074F0.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf - deleted
C:\WINDOWS\Prefetch\WMPNETWK.EXE-07A3BFF1.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
C:\WINDOWS\Prefetch\WUPDMGR.EXE-08F70643.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 170.7 MB of disk space from 17224 files.
CleanUp! finished on 02/09/08 12:47:32.
RAPPORT CLEAN :
09/02/2008 a 12:56:07,03
*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
!!!!!!!!!!!!!!!!!!
Re ,
Redémarre en MSE
Re-lance clean -> Choisis l'option 2
Clean va travailler.
Un rapport Va etre généré , poste le moi ;)
***************
Et envoies un nouveau rapport Hijackthis stp ;)
a+
Redémarre en MSE
Re-lance clean -> Choisis l'option 2
Clean va travailler.
Un rapport Va etre généré , poste le moi ;)
***************
Et envoies un nouveau rapport Hijackthis stp ;)
a+
2EME RAPPORT CLEAN :
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 09/02/2008 a 13:19:10,81
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
RAPPORT HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:48, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061113
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Post-Net.lnk = C:\Program Files\POST-NET\Post-Net.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 09/02/2008 a 13:19:10,81
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
RAPPORT HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:48, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061113
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Post-Net.lnk = C:\Program Files\POST-NET\Post-Net.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
Re ,
Le rapport Hijackthis en mode normal stp ;)
*******************
1)Va dans ' poste de travail ' > ' Outil ' > ' Options des dossiers ' > Onglet ' Affichage '
2)Active le bouton ' Afficher les fichiers et dossiers cachés '
3)Décoche ' Masquer les fichiers protégés du systeme d'exploitation ( recommandé ) '
4)Décoche ' Masquer les extensions dont le type est connu '
5)Va sur ce site --> https://www.virustotal.com/gui/
Clique sur ' parcourir '
Cherche ce fichier : (en gras)
C:\StubInstaller.exe
Clique sur ' send '
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
-> Poste le moi stp.
*************
Puis va sur ce site : http://virusscan.jotti.org/de/
Et fait analyser le même fichier -> poste le rapport.
********
+ Rapport HJT stp ! en mode normal !
a+
Le rapport Hijackthis en mode normal stp ;)
*******************
1)Va dans ' poste de travail ' > ' Outil ' > ' Options des dossiers ' > Onglet ' Affichage '
2)Active le bouton ' Afficher les fichiers et dossiers cachés '
3)Décoche ' Masquer les fichiers protégés du systeme d'exploitation ( recommandé ) '
4)Décoche ' Masquer les extensions dont le type est connu '
5)Va sur ce site --> https://www.virustotal.com/gui/
Clique sur ' parcourir '
Cherche ce fichier : (en gras)
C:\StubInstaller.exe
Clique sur ' send '
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
-> Poste le moi stp.
*************
Puis va sur ce site : http://virusscan.jotti.org/de/
Et fait analyser le même fichier -> poste le rapport.
********
+ Rapport HJT stp ! en mode normal !
a+
RAPPORT HIJACKTHIS EN MODE NORMAL :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:17, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061113
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Post-Net.lnk = C:\Program Files\POST-NET\Post-Net.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:17, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3061113
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Post-Net.lnk = C:\Program Files\POST-NET\Post-Net.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
Re ,
Bon il n'y est plus alors :)
Bon , vire Avira Antivir stp , F-secure tourne bel et bien dans ton pc !
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
Ceci est la liste des processus de F-secure qui tournent sur ton pc.
Donc Vire Avira Antivir stp ( ajout et suppression de programmes )
C:\Program Files\Fichiers communs\BOONTY Shared <- Supprime le dossier en gras.
Voila prévient moi quand tu auras terminé , on finira ;)
a+
Bon il n'y est plus alors :)
Bon , vire Avira Antivir stp , F-secure tourne bel et bien dans ton pc !
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
Ceci est la liste des processus de F-secure qui tournent sur ton pc.
Donc Vire Avira Antivir stp ( ajout et suppression de programmes )
C:\Program Files\Fichiers communs\BOONTY Shared <- Supprime le dossier en gras.
Voila prévient moi quand tu auras terminé , on finira ;)
a+
J'AI BIEN TROUVE CES FICHIERS.EXE MAIS QUAND JE CLIQUE DESSUS, CA NE FAIT RIEN !!!!!!
OK JE VIRE AVIRA
A TOUT DE SUITE
OK JE VIRE AVIRA
A TOUT DE SUITE
