Very intrusive pop-up windows

olivier64 -  
 Anonymous user -
Hello jlpjlp

I also have the same problem with unwanted pop-up windows in Firefox.
Thanks in advance for taking a little time to help me.

Here is the report after the navilog scan:
Search Navipromo version 3.5.4 commencé le 25/04/2008 à 16:03:45,31

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "OLIVIER"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\OlivierBAREYRE\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\OlivierBAREYRE\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\OlivierBAREYRE\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\ukewmgaop.dat
C:\WINDOWS\system32\ukewmgaop.exe
C:\WINDOWS\system32\ukewmgaop_nav.dat
C:\WINDOWS\system32\ukewmgaop_navps.dat

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

Fichiers trouvés :

zjywpferm.exe trouvé !
zjywpferm.exe trouvé !

* Recherche dans "C:\Documents and Settings\OlivierBAREYRE\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\OLIVIE~1\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

ukewmgaop.dat trouvé !

* Dans "C:\Documents and Settings\OlivierBAREYRE\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\OLIVIE~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 25/04/2008 à 16:08:10,37 ***

11 replies

Anonymous user
 
Hi,

I'm not jlpjlp, but I'll help you anyway ;)

Run Navilog1 again > option 2 > post the report.

***************

→ Download TrendMicro™ HijackThis™

Put it in 'C:\programmes\'. Once that is done, please rename the icon (right-click > rename) 'Hijackthis.exe', located in the folder on C:\, to 'HJT.exe' <<<<<<<<< Important !!! <<<<<<<

The program's path should look like this: C:\Programme\Trend Micro\Hijackthis\HJT.exe

Do not rename the shortcut icon on the desktop, of course ...

/!\ Close all windows that are still open, and disconnect from the web /!\

→ Then launch it, choose the option ''do a system scan and save a logfile'' and post the report (which appears in Notepad)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial if you can't manage it: http://pageperso.aol.fr/balltrap34/demohijack.htm

See you later
olivier64
 
Thanks for your help, Cyrildu17
I'll be back at my workstation on Monday morning.
I'll do what you suggest and keep you posted.

Have a good weekend
Anonymous user
 
No problem ;)

See you Monday

+++
olivier64
 
Hello,

Here is the report after running option 2:

Clean Navipromo version 3.5.4 commencé le 28/04/2008 à 8:31:49,07

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "OLIVIER"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

*** Suppression des fichiers trouvés avec Catchme ***

** 2ème passage avec résultats Catchme **

* Dans "C:\WINDOWS\system32" *

C:\WINDOWS\prefetch\ukewmgaop*.pf trouvé !
Copie C:\WINDOWS\prefetch\ukewmgaop*.pf réalisée avec succès !
C:\WINDOWS\prefetch\ukewmgaop*.pf supprimé !

* Dans "C:\Documents and Settings\OlivierBAREYRE\locals~1\applic~1" *

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

zjywpferm.exe trouvé !
Copie zjywpferm.exe réalisée avec succès !
zjywpferm.exe supprimé !

* Suppression dans "C:\Documents and Settings\OlivierBAREYRE\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\OLIVIE~1\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\OlivierBAREYRE\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\OlivierBAREYRE\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\OlivierBAREYRE\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1" ***

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\OlivierBAREYRE\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

sxaheyoszc.dat trouvé !
Copie sxaheyoszc.dat réalisée avec succès !
sxaheyoszc.dat supprimé !

sxaheyoszc_nav.dat trouvé !
Copie sxaheyoszc_nav.dat réalisée avec succès !
sxaheyoszc_nav.dat supprimé !

sxaheyoszc_navps.dat trouvé !
Copie sxaheyoszc_navps.dat réalisée avec succès !
sxaheyoszc_navps.dat supprimé !

sxaheyoszc.exe trouvé !
Copie sxaheyoszc.exe réalisée avec succès !
sxaheyoszc.exe supprimé !

C:\WINDOWS\prefetch\sxaheyoszc*.pf trouvé !
Copie C:\WINDOWS\prefetch\sxaheyoszc*.pf réalisée avec succès !
C:\WINDOWS\prefetch\sxaheyoszc*.pf supprimé !

* Dans "C:\Documents and Settings\OlivierBAREYRE\locals~1\applic~1" *

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\OLIVIE~1\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 28/04/2008 à 8:35:10,51 ***

I'll carry on with the rest of the steps requested in your message and keep you posted.

See you later
olivier64
 
Here is the report from the ''do a system scan and save a logfile'' option:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:55, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\OlivierBAREYRE\Bureau\trayit\trayit!.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5060919
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CapFax] w:\capFax.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outlook Express (2).lnk = C:\Program Files\Outlook Express Launcher\OELauncher.exe
O4 - Startup: Raccourci vers OLIVIER.OR2.lnk = POSTES PERSO\Olivier\OLIVIER.OR2
O4 - Startup: Raccourci vers Post-Net.lnk = C:\Program Files\POST-NET\Post-Net.exe
O4 - Startup: TrayIt!.lnk = C:\Documents and Settings\OlivierBAREYRE\Bureau\trayit\trayit!.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://google.seekgoofr.com
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A2EB5FD-1869-43E8-BC5F-B402E73E97A2}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Anonymous user
 
Hi again!

Hehe, all good ;))

*******************************

→ Run HijackThis again, in the main menu choose 'Do a system scan only' and fix this/these line(s) (tick the box to their left):

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

Close all windows (except HijackThis), including your web browser.

→ Click 'fixchecked'

*******************

→ Download CleanUp452 ( Primary download site ... )

→ Launch it and choose the 'cleanup!' option

Post the report.

Tutorial: http://pageperso.aol.fr/balltrap34/democleanup.htm (thanks to balltrap34)

***************

→ Download clean: http://www.malekal.com/download/clean.zip

→ Unzip it (right-click, extract all)

→ Run clean.cmd (or clean), choose option 1 and post the report.

(- Where is the clean report? : "My Computer" / double-click on drive "C:" / double-click on "rapport_clean.txt" and copy/paste the contents to the forum.)

Note: you may get a message inviting you to upload a file; do it as soon as you can.

Tutorial: http://bibou0007.com/outils-specifiques-f78/tuto-clean-t1007.htm

*************

See you later
olivier64
 
Here is the CleanUp report after its first

CleanUp! started on 04/29/08 08:27:56.
...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x64__raabout.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x64__racodec.ax[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x64__ramaint.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x64__ra_reboot.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__LMIinit.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__LMImirr.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__LMIprinter.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__LMIprinternt.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__LMIproc.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__LMIprocnt.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__LogMeInSystray.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__openssl.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__rahook.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__rahook9x.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__ra_reboot.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF3XHHT7\x86__ra_sc.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\raupdate.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__LMIinit.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__LMImirr.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__LMIprinter.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__LMIprinterui.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__LogMeIn.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__LogMeInSystray.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__racodec.ax[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__rahook.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__ra_reboot.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x64__rntfywnd.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__LMImirr.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__LMImirr2.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__LMIprinternt.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__LMIprinterui.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__LMIprocnt.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__LMIRfsClientNP.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__openssl.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__raabout.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__rahook9x.dll[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__rainst.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__ra_sc.exe[1].cab - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YOIAV45D\x86__rntfywnd.dll[1].cab - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 1.34 GB of disk space from 75632 files. Wow! You really needed that.
CleanUp! finished on 04/29/08 08:36:28.

And below is the Clean report:

29/04/2008 a 8:55:09,85

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\GamesBar\" FOUND
*** Fin du rapport !

See you
0
Anonymous user
 
Re,

→ Restart in safe mode

Other tutorials for safe mode:

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Run Clean again -> Choose option 2

---Clean will do its work.---

→ A report will be generated; post it for me ;)

(The report is also saved in C:\Rapport_clean.txt)

*****************

See you
0
olivier64
 
Here is the Clean report from safe mode:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 30/04/2008 a 13:29:00,09

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\GamesBar\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

See you
0
Anonymous user
 
Re,

Delete CleanUp

*********************************************

Now we are going to remove the disinfection tools that I had you download.
Using them is dangerous for the PC if you don't know what you are doing.
In addition, they are updated regularly.

→ Close all running applications, then download ToolsCleaner2 to your Desktop.

→ Double-click ToolsCleaner2.exe
→ Click "Recherche" (Search)
→ then "Suppression" (Removal) once the list has been found.
→ Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: your desktop MAY disappear; this is normal. If it does not reappear at the end of the scan, do the following:

CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"

Type explorer.exe and confirm. This will bring the Desktop back

Tutorial: http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute (thanks espion3004)

*******************************

Now that your PC is no longer infected, disable your "System Restore" and then re-enable it, which creates a clean restore point...

Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > check the box "Turn off System Restore on all drives"
> Apply, wait until it shows "turned off", then OK.

Enabling:
Follow the same path; uncheck the box "Turn off System Restore on all drives"
> Apply, wait until it shows "monitoring" again, then OK. Restart the computer.

************************

There, only the ToolsCleaner report left, and then we're done ;)
See you
0
olivier64
 
Here is the ToolsCleaner2 report (I didn't have any desktop problem):

-->- Recherche:

C:\clean\Clean.zip: trouvé !
C:\clean\clean\tar.exe: trouvé !
C:\clean\clean\remove.reg: trouvé !
C:\clean\clean\pskill.exe: trouvé !
C:\clean\clean\LFiles.exe: trouvé !
C:\clean\clean\gzip.exe: trouvé !
C:\clean\clean\delsiri.cmd: trouvé !
C:\clean\clean\delr.cmd: trouvé !
C:\clean\clean\del3.cmd: trouvé !
C:\clean\clean\del2.cmd: trouvé !
C:\clean\clean\clean.cmd: trouvé !
C:\clean\clean\cherche.cmd: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\OlivierBAREYRE\SmitFraudfix: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Application Data\Opera\Opera\profile\cache4\temporary_download\SmitFraudfix: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\Clean.zip: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\tar.exe: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\remove.reg: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\pskill.exe: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\LFiles.exe: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\gzip.exe: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\delr.cmd: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\del3.cmd: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\del2.cmd: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\clean.cmd: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\cherche.cmd: trouvé !
C:\Documents and Settings\OlivierBAREYRE\Recent\HijackThis.lnk: trouvé !
C:\Program Files\HijackThis: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Belkin\Logiciel Bluetooth\gzip.exe: trouvé !
C:\Program Files\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\clean\Clean.zip: supprimé !
C:\clean\clean\tar.exe: supprimé !
C:\clean\clean\remove.reg: supprimé !
C:\clean\clean\pskill.exe: supprimé !
C:\clean\clean\LFiles.exe: supprimé !
C:\clean\clean\gzip.exe: supprimé !
C:\clean\clean\delsiri.cmd: supprimé !
C:\clean\clean\delr.cmd: supprimé !
C:\clean\clean\del3.cmd: supprimé !
C:\clean\clean\del2.cmd: supprimé !
C:\clean\clean\clean.cmd: supprimé !
C:\clean\clean\cherche.cmd: supprimé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\Clean.zip: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\tar.exe: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\remove.reg: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\pskill.exe: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\LFiles.exe: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\gzip.exe: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\delr.cmd: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\del3.cmd: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\del2.cmd: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\clean.cmd: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Bureau\clean\clean\cherche.cmd: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Belkin\Logiciel Bluetooth\gzip.exe: supprimé !
C:\Program Files\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\OlivierBAREYRE\SmitFraudfix: supprimé !
C:\Documents and Settings\OlivierBAREYRE\Application Data\Opera\Opera\profile\cache4\temporary_download\SmitFraudfix: supprimé !
C:\Program Files\HijackThis: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Really, a big thank you for this online assistance.

See you
0
Anonymous user
 
Re,

Delete ToolsCleaner, create a new restore point...

And that's it =D

And you're welcome ;)

If you have any questions...

See you
0