Pc infecté
jeremy
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,voila avast ma detecté un virus un cheval de troie etc
Est ce que vous pouvez m'aidez ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:14, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\rizcfgxo\langvkdy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe
C:\WINDOWS\system32\fqryzcjo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Bingo - {72C7F75B-B10B-4477-A687-EF10300DE5DD} - C:\WINDOWS\kdftlboerfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dxljxgby] C:\WINDOWS\system32\fqryzcjo.exe
O4 - HKLM\..\Policies\Explorer\Run: [UE8lLxJxFX] C:\Documents and Settings\All Users\Application Data\rizcfgxo\langvkdy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Moniteur WiFi OLITEC.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24C06904-FE20-418A-AD9A-A62E0B0416C8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vbgtorfd - {64B2ACBD-F327-45BF-A21C-B43D66922933} - C:\WINDOWS\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {F048C09F-C66A-4914-8D76-12636A70EA24} - C:\WINDOWS\dwnrpofk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Est ce que vous pouvez m'aidez ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:14, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\rizcfgxo\langvkdy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe
C:\WINDOWS\system32\fqryzcjo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Bingo - {72C7F75B-B10B-4477-A687-EF10300DE5DD} - C:\WINDOWS\kdftlboerfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dxljxgby] C:\WINDOWS\system32\fqryzcjo.exe
O4 - HKLM\..\Policies\Explorer\Run: [UE8lLxJxFX] C:\Documents and Settings\All Users\Application Data\rizcfgxo\langvkdy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Moniteur WiFi OLITEC.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24C06904-FE20-418A-AD9A-A62E0B0416C8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vbgtorfd - {64B2ACBD-F327-45BF-A21C-B43D66922933} - C:\WINDOWS\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {F048C09F-C66A-4914-8D76-12636A70EA24} - C:\WINDOWS\dwnrpofk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:
- Pc infecté
- Reinitialiser pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Forcer demarrage pc - Guide
- Double ecran pc - Guide
31 réponses
28/03/2008 a 16:27:01,90
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
C:\WINDOWS\iTunesMusic.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
C:\WINDOWS\iTunesMusic.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
→ Redémarre en MSE
Autre tutorials pour MSE:
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253
→ Re-lance clean -> Choisis l'option 2
---Clean va travailler.---
→ Un rapport Va etre généré , poste le moi ;)
( Le rapport est aussi sauvegardé dans C:\Rapport_clean.txt )
+ un autre Hijackthis.
a+
Autre tutorials pour MSE:
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253
→ Re-lance clean -> Choisis l'option 2
---Clean va travailler.---
→ Un rapport Va etre généré , poste le moi ;)
( Le rapport est aussi sauvegardé dans C:\Rapport_clean.txt )
+ un autre Hijackthis.
a+
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 28/03/2008 a 17:02:26,37
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\ALCXMNTR.EXE
tentative de suppression de C:\WINDOWS\iTunesMusic.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 28/03/2008 a 17:02:26,37
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\ALCXMNTR.EXE
tentative de suppression de C:\WINDOWS\iTunesMusic.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:11, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Moniteur WiFi OLITEC.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24C06904-FE20-418A-AD9A-A62E0B0416C8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Scan saved at 17:17:11, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Moniteur WiFi OLITEC.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24C06904-FE20-418A-AD9A-A62E0B0416C8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re ,
> Supprime cleanup.
***********************
Ta version d'Adobe n'est pas à jour , désinstalle ta version actuelle en passant par ' ajout et supréssion de programmes '
Puis télécharge la dernière , via ce site --> https://get2.adobe.com/reader/otherversions/
Bulletin de sécurité sur les versions Adobe 7.0.8 et antérieures :
https://www.adobe.com/support/security/bulletins/apsb07-01.html
https://get2.adobe.com/reader/otherversions/
******************
→ Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
→ Double clique sur ToolsCleaner2.exe >
→ Clique sur .Recherche
→ puis sur Suppression quand la liste est trouvée.
→ Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :
CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"
Tape explorer.exe et valide. Cela fera re-apparaître le Bureau
Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
********************
Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la, ce qui créer un point de restauration sain...
Désactivation :
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique patiente jusqu’à ce que cela soit marqué "désactivé" puis Ok.
Activation :
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique attends que cela soit à nouveau sur "surveillance" puis Ok. Redémarre l'ordinateur.
*************
Rapport Toolcleaner.
Plus de soucis ?
A+
> Supprime cleanup.
***********************
Ta version d'Adobe n'est pas à jour , désinstalle ta version actuelle en passant par ' ajout et supréssion de programmes '
Puis télécharge la dernière , via ce site --> https://get2.adobe.com/reader/otherversions/
Bulletin de sécurité sur les versions Adobe 7.0.8 et antérieures :
https://www.adobe.com/support/security/bulletins/apsb07-01.html
https://get2.adobe.com/reader/otherversions/
******************
→ Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
→ Double clique sur ToolsCleaner2.exe >
→ Clique sur .Recherche
→ puis sur Suppression quand la liste est trouvée.
→ Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :
CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"
Tape explorer.exe et valide. Cela fera re-apparaître le Bureau
Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
********************
Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la, ce qui créer un point de restauration sain...
Désactivation :
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique patiente jusqu’à ce que cela soit marqué "désactivé" puis Ok.
Activation :
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique attends que cela soit à nouveau sur "surveillance" puis Ok. Redémarre l'ordinateur.
*************
Rapport Toolcleaner.
Plus de soucis ?
A+
...
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\inline[1].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\kennedy10.skyrock[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\MSN_Green-bleu[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\ovr9[2].css - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\parke[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\pa_module[1].php - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\photo_27112318_small[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\proxy_bb_cm[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\RL-728x90[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\sarko65[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\sbox-bg[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\search[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\search[1].xml - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\search[2].xml - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\signalize[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\SkyblogRG-728x90[1].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\yfr[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\GHIJ8HMN\yui_1.0.1[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\1025591834_comment_1[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\13[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\14[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\1552464670@Top,Bottom,Bottom2[1] - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\1647_bandeau_1[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\1647_embed[1].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\1751628227@Top,Bottom,Bottom2[1] - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\1DB40C2DB6576754B7CE157FE5F[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\1x1[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\282007190882[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\2[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\6D32427AE5E6B34DDCD2E720BBE0BA[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\73EA3A497EB807310219A1C4D1E9E[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\7CE57843948D6DF13E79A2DE4E15C[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\817067835_small[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\818733957_small[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\8E763C825DC0E388929AE1B375CE18[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\8x6_all_services[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\92x68editorial[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\AEC64F712423A523F7A5396EC025[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\B2FCCF26AFD28F9543EB6BC5AF11A[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\bb2a1[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\bb2c1[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\beta[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\bg_b[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\blog[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\CAH7Z3DX.HTM - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\chaus3[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\crossdomain[1].xml - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\FDCAAC85D66BE7CB4D71155977E9CC[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\gifstats[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\global[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\gradient02[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\grd-4px[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\headerbar[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\hptg[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\icons[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\ieminwidth[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\jt15[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\juppe[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\lastminutegordonyahoo430x80wednesday1[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\message_envoye[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\mini[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\nopho[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\opart1[1].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\paris9[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\radar3[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\screeningroom1[1].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\search[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\search[1].xml - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\search_1.1[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\stats_blog[1].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\s[1].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\s[2].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\s[3].htm - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\ThumbnailServer2[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\triplet-v1-blanc-728x90[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\u600[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\ushp[1].css - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\videofeed[1].xml - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\KLIJGPUV\video[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\0000005552_000000000000000446496[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\104x15[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\1104551836@Top,Bottom,Bottom2[1] - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\1159351567@Top,Bottom,Bottom2[1] - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\11[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\1[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\26[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\282007190882[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\282007190882[2].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\3F3AAD38FABF635618817CD16B6BA[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\4E381C752EC4BDE97298CD86591073[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\6D5CC853B3707258D960A1079FA6C[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\70x5040[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\728x90-bonsplans[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\728x90-iin[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\7DA8B0F0D3D12E32E266EC654214C3[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\818770295_small[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\821305327[1] - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\821404955_small[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\910884868[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\920525028_small[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\A1142944DEE3D9DAAC9DC3B1B0F1B8[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\aa024[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\blog[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\bullet[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\buttons2[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\CAHSSJ1D.swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\CAOX8POV.gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\CheckCnx[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\comment-add[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\commentaires[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\dap[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\eurov1[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\googleplayer[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\header_bg_ie[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\icons_1.1[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\jsbase_1.1.14[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\lastminutegordonyahoo430x80wednesday1[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\lastminutegordonyahoo950x350wednesday[1].swf - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\logo_bandeau-skyblog[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\maill7[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\mail[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\menes[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\nav_logo[1].png - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\opart2[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\override[1].css - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\pa-preview-shadow[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\pacg2[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\paic2[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\solde5[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\stats[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\styles[2].css - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\s_code[2].js - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\ThumbnailServer2[1].jpg - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\tpl[2].css - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\troug7[1].gif - deleted
C:\Documents and Settings\CATHY\Local Settings\Temporary Internet Files\Content.IE5\S1U30T63\video[1].gif - deleted
C:\Documents and Settings\cassandra.NOM-47D5A5B94AD\locals~1\tempor~1\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - deleted
C:\Documents and Settings\cassandra.NOM-47D5A5B94AD\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\WINDOWS\Prefetch\A2FREE.EXE-34CE1BFD.pf - deleted
C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf - deleted
C:\WINDOWS\Prefetch\AD-AWARE2007.EXE-0CF9A7E5.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf - deleted
C:\WINDOWS\Prefetch\ANTIVIR_WORKSTATION_WIN7U_EN_-0AAD7F4A.pf - deleted
C:\WINDOWS\Prefetch\ASHDISP.EXE-0B874892.pf - deleted
C:\WINDOWS\Prefetch\ASHMAISV.EXE-12E27032.pf - deleted
C:\WINDOWS\Prefetch\ASHPOPWZ.EXE-11BDDCD9.pf - deleted
C:\WINDOWS\Prefetch\ASHWEBSV.EXE-0548EF0A.pf - deleted
C:\WINDOWS\Prefetch\ASWCLEAR.EXE-349F855C.pf - deleted
C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf - deleted
C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf - deleted
C:\WINDOWS\Prefetch\AVCENTER.EXE-058B10AA.pf - deleted
C:\WINDOWS\Prefetch\AVGNT.EXE-11EBE658.pf - deleted
C:\WINDOWS\Prefetch\AVGUARD.EXE-188FB0FF.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-32FAE179.pf - deleted
C:\WINDOWS\Prefetch\CATCHME.CFEXE-0F2A0789.pf - deleted
C:\WINDOWS\Prefetch\CCLEANER.EXE-0BCE437C.pf - deleted
C:\WINDOWS\Prefetch\CF3754.EXE-009F20D2.pf - deleted
C:\WINDOWS\Prefetch\CF64.EXE-2E579241.pf - deleted
C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-06CC3C16.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\COMBOFIX.EXE-2C04FBF7.pf - deleted
C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf - deleted
C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf - deleted
C:\WINDOWS\Prefetch\DUMPHIVE.CFEXE-2ED3B134.pf - deleted
C:\WINDOWS\Prefetch\ERUNT.CFEXE-039977DB.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\FDSV.CFEXE-2F207127.pf - deleted
C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf - deleted
C:\WINDOWS\Prefetch\FINDSTR.CFEXE-38519B93.pf - deleted
C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf - deleted
C:\WINDOWS\Prefetch\FXSSVC.EXE-3B8F7819.pf - deleted
C:\WINDOWS\Prefetch\GLB1D.TMP-01350C0B.pf - deleted
C:\WINDOWS\Prefetch\GLB2F.TMP-081565B1.pf - deleted
C:\WINDOWS\Prefetch\GREP.CFEXE-20443039.pf - deleted
C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf - deleted
C:\WINDOWS\Prefetch\GSAR.CFEXE-156760D9.pf - deleted
C:\WINDOWS\Prefetch\GUARDGUI.EXE-2C20A958.pf - deleted
C:\WINDOWS\Prefetch\GZIP.EXE-2153CFC0.pf - deleted
C:\WINDOWS\Prefetch\HANDLE.CFEXE-13427ED2.pf - deleted
C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf - deleted
C:\WINDOWS\Prefetch\HELPER.EXE-0415776D.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\INSTMTDR.EXE-1815F396.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LFILES.EXE-03101E1A.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\MONITEUR WIFI OLITEC.EXE-05589276.pf - deleted
C:\WINDOWS\Prefetch\MOVEEX.CFEXE-01B74CA8.pf - deleted
C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf - deleted
C:\WINDOWS\Prefetch\MSNMSGR.EXE-030AB647.pf - deleted
C:\WINDOWS\Prefetch\MTEE.CFEXE-1E067BC7.pf - deleted
C:\WINDOWS\Prefetch\NIRCMD.CFEXE-19FF4781.pf - deleted
C:\WINDOWS\Prefetch\NIRCMD.COM-223F42C3.pf - deleted
C:\WINDOWS\Prefetch\NIRCMD.COM-323C21EC.pf - deleted
C:\WINDOWS\Prefetch\NIRCMD.EXE-2C39EF53.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-0C5BC219.pf - deleted
C:\WINDOWS\Prefetch\PSEXEC.CFEXE-2CB6A9EC.pf - deleted
C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf - deleted
C:\WINDOWS\Prefetch\PV.CFEXE-057B3499.pf - deleted
C:\WINDOWS\Prefetch\PV.CFEXE-0E6F2701.pf - deleted
C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf - deleted
C:\WINDOWS\Prefetch\REGCAT.EXE-0981E33F.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf - deleted
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted
C:\WINDOWS\Prefetch\REGT.CFEXE-15DB5DAE.pf - deleted
C:\WINDOWS\Prefetch\ROUTE.EXE-371D32DE.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13DA0E71.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-14711FAA.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-15646B1C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-19DF0612.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-21E72088.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-229606BF.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-25E054DB.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-26C2C861.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-27E5DCE3.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CBA7525.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-309DAE7A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-311943EE.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4686276A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C45840F.pf - deleted
C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf - deleted
C:\WINDOWS\Prefetch\SCHED.EXE-0CAE1E50.pf - deleted
C:\WINDOWS\Prefetch\SED.CFEXE-268D7E58.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-256F0E0D.pf - deleted
C:\WINDOWS\Prefetch\SF.CFEXE-164B3B2D.pf - deleted
C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\SWREG.CFEXE-287CC9EF.pf - deleted
C:\WINDOWS\Prefetch\SWREG.CFEXE-2BF4FFCD.pf - deleted
C:\WINDOWS\Prefetch\SWSC.CFEXE-3B4FE4FE.pf - deleted
C:\WINDOWS\Prefetch\SWXCACLS.CFEXE-24057B3B.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\UNINSTALL.EXE-072EB032.pf - deleted
C:\WINDOWS\Prefetch\UNINSTALL.EXE-33692F6D.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-264167D5.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2C2467F8.pf - deleted
C:\WINDOWS\Prefetch\UPDATER.EXE-1D14111E.pf - deleted
C:\WINDOWS\Prefetch\UPDCLIENT.EXE-215FC96B.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\USNSVC.EXE-2DF2835C.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VFIND.CFEXE-2033727F.pf - deleted
C:\WINDOWS\Prefetch\VFIND.EXE-0CB9A64E.pf - deleted
C:\WINDOWS\Prefetch\VSMON.EXE-1609C098.pf - deleted
C:\WINDOWS\Prefetch\WDFMGR.EXE-2CF4013B.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-2D4B6027.pf - deleted
C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\ZASETUP_FR.EXE-25106B13.pf - deleted
C:\WINDOWS\Prefetch\ZLCLIENT.EXE-02918DDB.pf - deleted
C:\WINDOWS\Prefetch\ZLCLIENT.EXE-1C550EB2.pf - deleted
C:\WINDOWS\Prefetch\ZLSSETUP_70_462_000_FR[1].EXE-38AF6499.pf - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 561.9 MB of disk space from 17877 files.
CleanUp! finished on 03/28/08 07:46:18.