Aller au contenu

Elmire

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    7

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Elmire

  1. Elmire

    anti vir xp

    Elmire a répondu à un(e) sujet de Elmire dans Analyses et éradication malwares

    le fichier ne contient que ça et aucun soucis à signaler. je dois partir je retest demain. merci de ton aide.
  2. Elmire

    anti vir xp

    Elmire a répondu à un(e) sujet de Elmire dans Analyses et éradication malwares

    voici le rapport, ça me parait bizarrement léger comme rapport : ComboFix 08-08-24.03 - Baudouin 2008-08-25 18:01:21.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.77 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
  3. Elmire

    anti vir xp

    Elmire a répondu à un(e) sujet de Elmire dans Analyses et éradication malwares

    c'est l'ordi d'un ami, j'avais même pas remarqué la sp1, c'est trop abusé ! je t'envoi le rapport dès que possible.
  4. Elmire

    anti vir xp

    Elmire a répondu à un(e) sujet de Elmire dans Analyses et éradication malwares

    Voila le HiJackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:56:43, on 25/08/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Xerox\Xerox SMart eSolutions Client\bin\SMarteSolutionsClient.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\System32\dllhost.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\IZArc\IZArc.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ARC22\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [AmrProxyRun] "C:\Program Files\Xerox\Xerox SMart eSolutions Client\bin\SMarteSolutionsClient.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O21 - SSODL: OVjlqcOw - {38D3F616-9279-5CBC-BCB0-0A0C65FFFDDD} - C:\WINDOWS\System32\wb.dll O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE (file missing) O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe (file missing) O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe (file missing) O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe (file missing) O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Remote Accounts Client (WksPatch) - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing) -- End of file - 5265 bytes
  5. Elmire

    anti vir xp

    Elmire a répondu à un(e) sujet de Elmire dans Analyses et éradication malwares

    ok je fais ça dans 5 min. merci bien
  6. Elmire

    anti vir xp

    Elmire a répondu à un(e) sujet de Elmire dans Analyses et éradication malwares

    je l'avai téléchargé mais pas encore fait par manque de compréhension anglaise EDIT: je dois refiare un HiJackThis alors ? SDFix : SDFix: Version 1.219 Run by Baudouin on 25/08/2008 at 15:18 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Name : CbEvtSvc sysrest.sys Path : %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs \??\C:\WINDOWS\System32\sysrest.sys CbEvtSvc - Deleted sysrest.sys - Deleted Restoring Default Security Values Restoring Default Hosts File Restoring Default Desktop Wallpaper Restoring Default ScreenSaver value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\lphc92sj0e7dt.exe - Deleted C:\WINDOWS\system32\pphc92sj0e7dt.exe - Deleted C:\Program Files\rhcc2sj0e7dt\database.dat - Deleted C:\Program Files\rhcc2sj0e7dt\license.txt - Deleted C:\Program Files\rhcc2sj0e7dt\MFC71.dll - Deleted C:\Program Files\rhcc2sj0e7dt\MFC71ENU.DLL - Deleted C:\Program Files\rhcc2sj0e7dt\msvcp71.dll - Deleted C:\Program Files\rhcc2sj0e7dt\msvcr71.dll - Deleted C:\Program Files\rhcc2sj0e7dt\rhcc2sj0e7dt.exe - Deleted C:\Program Files\rhcc2sj0e7dt\rhcc2sj0e7dt.exe.local - Deleted C:\Program Files\rhcc2sj0e7dt\Uninstall.exe - Deleted C:\WINDOWS\SYSTEM32\PPHC92~1.EXE - Deleted C:\WINDOWS\system32\phc92sj0e7dt.bmp - Deleted C:\WINDOWS\system32\blphc92sj0e7dt.scr - Deleted C:\DOCUME~1\LOCALS~1\APPLIC~1\628266~1.EXE - Deleted C:\DOCUME~1\LOCALS~1\APPLIC~1\633509~1.EXE - Deleted C:\DOCUME~1\LOCALS~1\APPLIC~1\658087~1.EXE - Deleted C:\DOCUME~1\LOCALS~1\APPLIC~1\661954~1.EXE - Deleted C:\DOCUME~1\LOCALS~1\APPLIC~1\705996~1.EXE - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt100.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt101.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt102.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt104.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt106.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt108.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt109.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt10F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt11.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt110.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt111.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt112.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt113.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt115.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt116.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt117.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt118.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt11A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt11D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt11E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt11F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt12.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt120.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt122.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt123.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt124.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt125.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt126.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt127.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt128.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt129.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt12B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt12D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt12F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt13.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt130.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt131.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt133.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt134.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt135.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt136.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt137.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt139.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt13A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt13B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt13C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt13E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt14.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt140.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt142.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt143.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt145.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt146.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt147.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt149.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt14A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt14B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt14D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt14F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt15.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt152.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt155.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt157.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt159.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt15A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt16.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt161.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt164.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt167.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt17.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt18.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt19.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt20.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt21.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt22.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt23.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt24.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt25.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt26.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt27.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt28.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt29.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt30.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt31.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt32.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt33.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt34.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt35.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt36.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt37.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt38.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt39.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt3F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt40.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt41.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt42.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt43.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt44.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt45.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt46.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt47.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt48.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt49.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt50.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt51.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt52.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt53.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt54.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt55.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt56.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt57.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt58.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt59.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt5F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt60.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt61.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt62.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt63.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt64.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt65.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt66.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt67.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt68.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt69.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt70.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt71.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt72.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt73.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt74.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt75.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt76.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt77.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt78.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt79.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt80.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt81.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt82.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt83.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt84.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt85.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt86.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt87.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt88.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt89.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt90.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt91.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt92.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt93.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt94.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt95.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt96.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt97.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt98.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt99.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9A.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9B.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9C.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9D.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9E.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9F.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA0.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA1.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA2.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA3.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA4.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA5.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA6.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA7.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA8.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA9.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAA.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAB.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAC.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAD.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAE.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttAF.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB1.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB2.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB3.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB4.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB5.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB6.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB7.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB8.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttB9.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBA.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBB.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBC.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBD.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBE.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttBF.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC0.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC1.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC2.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC3.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC4.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC5.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC6.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC7.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC8.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttC9.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCA.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCB.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCD.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCE.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttCF.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD0.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD1.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD2.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD3.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD4.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD5.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD6.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD7.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD8.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttD9.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDA.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDB.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDC.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDD.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDE.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttDF.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE0.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE1.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE2.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE3.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE4.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE5.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE6.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE7.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE8.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttE9.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEA.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEB.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEC.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttED.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEE.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttEF.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF1.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF2.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF3.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF4.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF6.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF7.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF8.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttF9.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttFB.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttFC.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttFD.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttFF.tmp - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt13.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt15.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt1B.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt21.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt26.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt30.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt36.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt37.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt38.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt43.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt56.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt61.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt63.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt6E.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt72.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt77.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7C.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt7E.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt83.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt8D.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt9.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA.tmp.vbs - Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA8.tmp.vbs - Deleted C:\WINDOWS\system32\2.tmp - Deleted C:\WINDOWS\system32\CbEvtSvc.exe - Deleted C:\WINDOWS\system32\sysrest32.exe - Deleted C:\WINDOWS\system32\sysrest.sys - Deleted Folder C:\Program Files\rhcc2sj0e7dt - Removed Folder C:\Documents and Settings\Administrateur\Application Data\rhcc2sj0e7dt - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-25 15:28:25 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\program\\fspex.exe"="C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\program\\fspex.exe:*:enabled:Securitoo Antivirus Firewall" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\program\\fspex.exe"="C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\program\\fspex.exe:*:enabled:Securitoo Antivirus Firewall" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe" Wed 22 Dec 2004 16,384 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll" Thu 20 Jan 2005 11,344 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll" Fri 17 Dec 2004 174,080 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Messais\595_AVP_Messais\~WRL0002.tmp" Fri 17 Dec 2004 174,592 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Messais\595_AVP_Messais\~WRL0003.tmp" Mon 20 Dec 2004 174,080 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Ranton\AVP_Ranton\~WRL0002.tmp" Mon 20 Dec 2004 173,568 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Ranton\AVP_Ranton\~WRL0643.tmp" Mon 20 Dec 2004 173,568 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Ranton\AVP_Ranton\~WRL2447.tmp" Mon 20 Dec 2004 172,032 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Ranton\AVP_Ranton\~WRL2705.tmp" Thu 23 Dec 2004 280,064 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Ranton\AVP_Ranton\~WRL2757.tmp" Mon 20 Dec 2004 173,056 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Ranton\AVP_Ranton\~WRL3498.tmp" Mon 20 Dec 2004 174,080 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Ranton\AVP_Ranton\~WRL3794.tmp" Mon 20 Dec 2004 171,520 A..H. --- "C:\Documents HECA\86_Vienne\SIA_Loudunais\Moncontour\Programme 2006\AVP_Moncontour\~WRL1446.tmp" Tue 7 Sep 2004 367,616 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\Bons_Commande\349_2005 et 700_2005\349_05_DN 300_La_Gatine\P398_Conventions\~WRL0426.tmp" Tue 7 Sep 2004 368,640 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\Bons_Commande\349_2005 et 700_2005\349_05_DN 300_La_Gatine\P398_Conventions\~WRL0431.tmp" Tue 7 Sep 2004 366,592 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\Bons_Commande\349_2005 et 700_2005\349_05_DN 300_La_Gatine\P398_Conventions\~WRL1938.tmp" Tue 17 Aug 2004 37,888 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\Bons_Commande\349_2005 et 700_2005\349_05_DN 300_La_Gatine\P398_Conventions\~WRL2529.tmp" Tue 7 Sep 2004 368,640 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\Bons_Commande\349_2005 et 700_2005\349_05_DN 300_La_Gatine\P398_Conventions\~WRL3163.tmp" Tue 23 Aug 2005 33,792 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\Bons_Commande\349_2005 et 700_2005\700_05_Croix_Mervent\P547_Pro\~WRL3135.tmp" Mon 5 Nov 2007 38,400 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\THP\1011_THP_Mervent-LongŠves\1011-Att-PV-08\Envoi_Att Saur\~WRL2506.tmp" Tue 23 Aug 2005 33,792 A..H. --- "C:\Documents HECA\85_Vendee\Vendee_Eau\Bons_Commande\349_2005 et 700_2005\349_05_PI+Ext gatine\P538_Marillet _Ext_De Fontaines\P538_Pro\~WRL3135.tmp" Finished!
  7. Elmire
    Bonjour, je parcours ce forum depuis longtemps sans jamais m'inscrire, trouvant souvent les réponses que je cherchais mais là, j'ai besoin de vous... anti vir xp à infecté le pc d'un collègue. donc voici le rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:43:44, on 25/08/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\INCRED~1\bin\IncMail.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Xerox\Xerox SMart eSolutions Client\bin\SMarteSolutionsClient.exe C:\WINDOWS\System32\lphc92sj0e7dt.exe C:\Program Files\rhcc2sj0e7dt\rhcc2sj0e7dt.exe C:\WINDOWS\System32\sysrest32.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\CbEvtSvc.exe C:\WINDOWS\System32\pphc92sj0e7dt.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\System32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\IZArc\IZArc.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ARC13E\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/040C/bl7.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [AmrProxyRun] "C:\Program Files\Xerox\Xerox SMart eSolutions Client\bin\SMarteSolutionsClient.exe" O4 - HKLM\..\Run: [lphc92sj0e7dt] C:\WINDOWS\System32\lphc92sj0e7dt.exe O4 - HKLM\..\Run: [sMrhcc2sj0e7dt] C:\Program Files\rhcc2sj0e7dt\rhcc2sj0e7dt.exe O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\System32\sysrest32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab O21 - SSODL: OVjlqcOw - {38D3F616-9279-5CBC-BCB0-0A0C65FFFDDD} - C:\WINDOWS\System32\wb.dll O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE (file missing) O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe (file missing) O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe (file missing) O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe (file missing) O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Remote Accounts Client (WksPatch) - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing) -- End of file - 5754 bytes merci d'avance pour votre aide et vos réponses.
×
×
  • Créer...