xp 2008 anti virus

Tags:
  • Hijackthis
  • Security
27 September 2008 23:47:42

Hi,

I would like to know how to get rid of XP 2008 antivirus.
I found two posts on the forum but they are closed, I don't know why?

Please help me!!!


13 October 2008 16:18:21

Hi
Sorry for the delay, here is my report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:08, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\CbEvtSvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\System32\WScript.exe
D:\WINDOWS\system32\cssrss.exe
D:\WINDOWS\system32\lphc9u6j0eagc.exe
D:\WINDOWS\system32\sysrest32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\msupdate.exe
D:\Program Files\AV9\avsecurity.exe
D:\WINDOWS\system32\mkrnl.exe
D:\WINDOWS\system32\mqsvc.exe
D:\WINDOWS\system32\pphc9u6j0eagc.exe
D:\WINDOWS\system32\mqtgsvc.exe
D:\Program Files\Microsoft Office\Office10\EXCEL.EXE
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
D:\Program Files\WinRAR\WinRAR.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - D:\WINDOWS\system32\winsrc.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [System] D:\WINDOWS\system32\Syso.vbs
O4 - HKLM\..\Run: [WMDM PMSP Service] D:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [lphc9u6j0eagc] D:\WINDOWS\system32\lphc9u6j0eagc.exe
O4 - HKLM\..\Run: [SMrhccu6j0eagc] D:\Program Files\rhccu6j0eagc\rhccu6j0eagc.exe
O4 - HKLM\..\Run: [QGBKMDKO] %systemroot%\QGBKMDKO.exe
O4 - HKLM\..\Run: [rakjbjrj] %systemroot%\rakjbjrj.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sysrest32.exe] D:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SalaatTime] D:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [amva] D:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] D:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [msupdate.exe] D:\WINDOWS\system32\msupdate.exe -check
O4 - HKCU\..\Run: [14944851601473031534099251917845] D:\Program Files\AV9\avsecurity.exe
O4 - HKCU\..\Run: [ieupdate] "D:\WINDOWS\system32\ieexplorer32.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O21 - SSODL: cGnlgIVCJMT - {19050BD6-B3AF-A17C-859F-618C561888BD} - D:\WINDOWS\system32\bmjy.dll
O23 - Service: CbEvbSvc - Unknown owner - D:\WINDOWS\System32\CbEvbSvc.exe
O23 - Service: CbEvtSvc - Unknown owner - D:\WINDOWS\System32\CbEvtSvc.exe

--
End of file - 4139 bytes
13 October 2008 20:43:41

Good evening

I have rarely seen so many infections in a single log... back up your data, because this is going to be a rough ride.

1

This procedure should be printed so that you have it in front of you when you are in safe mode.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows loading, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.
    Work through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum


2

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit "Select All", Edit "Copy"

Come to the forum and Edit "Paste"

3

Add a new Hijackthis report.

13 October 2008 23:05:09

Sorry, I did a little something in the meantime:
I installed an anti-malware tool, ran a scan and did indeed find 142 infections (by the way, this is not my computer, it is a workstation at work, which is why I was slow to reply, I was on leave).
Anyway, there was no antivirus on the PC, and I don't know whether I did the right thing by using the anti-malware tool "Malwarebytes' Anti-Malware".
Well, I deleted the list of infections and left work :)
Tomorrow I plan to install Kaspersky and scan the poor computer, which is badly damaged!
If you like, I'll send you the Hijackthis report tomorrow to see whether I caused any damage to the PC!

13 October 2008 23:30:53

re
Do the procedure I suggested; MBAM will not be enough. :)

14 October 2008 00:19:39

OK, I'll keep you posted

14 October 2008 16:44:27

Hello

It's done, but :(

the reports are not readable after transferring them to my computer, and THE PC SHOWS ME NOTHING ON THE DESKTOP, NOT EVEN THE BAR!

???

14 October 2008 21:24:50

Good evening

Can you explain?
I don't understand any of it

14 October 2008 21:42:13

After I finished the procedure the computer restarted, but it stayed stuck without displaying the desktop; only the picture appeared! I restarted with no result, then I left the computer for 15 min without any change... and that's when I posted my reply!!
Then I shut the machine down completely and started in safe mode -- restart --> surprise, it works!
I had copied the reports to my USB stick but the files are damaged; I'll check on the workstation tomorrow to get a new copy, which I will post!

Thanks, and sorry for the trouble!

14 October 2008 21:51:52

So the PC is running... that's the main thing.

Post a Hijackthis log again please :)

15 October 2008 16:27:42

Here are the reports

    Raport.txt


    SDFix: Version 1.235
    Run by najat on 14/10/2008 at 13:49

    Microsoft Windows XP [version 5.1.2600]
    Running From: D:\Documents and Settings\najat\Bureau\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    D:\autorun.inf - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt152.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt16D.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt154.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt171.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt156.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt175.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt158.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt179.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt15A.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt17D.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt15C.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.ttFD.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt15E.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt160.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt119.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt162.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt12B.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt164.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt137.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt166.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt13F.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt168.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt147.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt14F.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt16A.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt157.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt16C.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt15F.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt16E.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt167.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt170.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt109.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt172.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt132.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt174.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt143.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt176.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt178.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt153.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt11D.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt17A.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt14B.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt17C.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt163.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt17E.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt16F.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt180.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt177.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt182.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt17F.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt184.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt183.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt187.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt186.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt18B.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt13B.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt16B.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt188.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt18A.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt15B.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt18C.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt18E.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt17B.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt185.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.ttEC.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt18D.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt190.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt113.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt173.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt194.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt181.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt196.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt189.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt123.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt130.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt198.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt18F.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt135.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt19A.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt139.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt191.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt13D.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt19C.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt141.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt193.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt145.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt149.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt14D.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt203.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt151.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt205.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt155.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt207.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt209.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt20C.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt20E.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt19E.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt211.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1A2.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt215.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1A4.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt219.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1A6.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1A8.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1C9.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1CE.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1D1.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1D3.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1D5.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1D7.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1D9.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1DB.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1DD.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1DF.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1E1.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1E3.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1E5.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1ED.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1EF.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1F1.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1F3.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1F5.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1F7.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1F9.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1FB.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1FD.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt1FF.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt201.tmp - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt109.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt11D.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt13B.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt15B.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt173.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt181.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt189.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt18F.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt191.tmp.vbs - Deleted
    D:\DOCUME~1\najat\LOCALS~1\Temp\.tt193.tmp.vbs - Deleted
    D:\WINDOWS\system32\msupdate.exe - Deleted
    D:\WINDOWS\system32\winsrc.dll.tmp - Deleted
    D:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
    D:\WINDOWS\Temp\ed47fa.$ - Deleted
    D:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted

    Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer




    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 13:53:18
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Program Files\\Messenger\\MSMSGS.EXE"="D:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "D:\\WINDOWS\\System32\\mmc.exe"="D:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"
    "D:\\WINDOWS\\System32\\mqsvc.exe"="D:\\WINDOWS\\System32\\mqsvc.exe:*:Enabled:Message Queuing"
    "c:\\8u2zqe.exe"="c:\\8u2zqe.exe:*:Enabled:D HCP Client"
    "D:\\WINDOWS\\system32\\cssrss.exe"="D:\\WINDOWS\\system32\\cssrss.exe:*:Enabled:D HCP Client"
    "D:\\Documents and Settings\\najat\\Local Settings\\Temp\\.ttB3.tmp"="D:\\Documents and Settings\\najat\\Local Settings\\Temp\\.ttB3.tmp:*:Enabled:enable"
    "D:\\WINDOWS\\system32\\sysrest32.exe"="D:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\WINDOWS\\System32\\mqsvc.exe"="D:\\WINDOWS\\System32\\mqsvc.exe:*:Enabled:Message Queuing"

    Remaining Files :


    File Backups: - D:\DOCUME~1\najat\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 6 May 2008 103,832 ..SHR --- "D:\xlu8a8sy.exe"
    Tue 9 Sep 2008 96,211 ..SHR --- "D:\jdhc2x2.com"
    Mon 13 Oct 2008 104,628 ..SHR --- "D:\68.exe"
    Tue 16 Sep 2008 98,693 ..SHR --- "D:\kqnns.exe"
    Thu 25 Sep 2008 99,286 ..SHR --- "D:\rdsfk.com"
    Tue 30 Sep 2008 100,484 ..SHR --- "D:\tknapl.exe"
    Fri 3 Oct 2008 102,053 ..SHR --- "D:\d.com"
    Tue 7 Oct 2008 100,569 ..SHR --- "D:\itsduel.exe"
    Tue 7 Oct 2008 85,504 ..SHR --- "D:\WINDOWS\system32\ckvo2.dll"
    Tue 14 Oct 2008 104,028 ..SHR --- "D:\WINDOWS\system32\ckvo.exe"
    Tue 14 Oct 2008 85,504 ..SHR --- "D:\WINDOWS\system32\ckvo1.dll"
    Tue 14 Oct 2008 85,504 ..SHR --- "D:\WINDOWS\system32\ckvo0.dll"
    Thu 19 Aug 2004 1,667,584 ..SH. --- "D:\Program Files\Messenger\msmsgs.exe"
    Sun 22 Apr 2007 72,704 ..SHR --- "D:\Program Files\Salaat Time\Setup.exe"
    Tue 1 Apr 2008 247,808 ...H. --- "D:\Documents and Settings\najat\Mes documents\~WRL2284.tmp"
    Tue 1 Apr 2008 180,736 ...H. --- "D:\Documents and Settings\najat\Mes documents\~WRL3335.tmp"
    Mon 13 Oct 2008 267,386,880 A.SH. --- "D:\System Volume Information\_restore{E89798A4-E99D-4731-896E-A3F5B5BBF760}\RP1\A0001253.sys"

    Finished!


    Combofix

    ComboFix 08-10-12.01 - najat 2008-10-14 13:55:54.1 - FAT32x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.69 [GMT 0:00]
    Lancé depuis: D:\Documents and Settings\najat\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\d.com
    C:\ev60a2.cmd
    C:\itsduel.exe
    C:\ps.bat
    C:\pv6mxu.bat
    C:\qwultj1.bat
    C:\s.bat
    C:\taqhptr.bat
    C:\vva0hc0p.cmd
    C:\yew.bat
    D:\68.exe
    D:\autorun.inf
    D:\d.com
    D:\ev60a2.cmd
    D:\itsduel.exe
    D:\ps.bat
    D:\pv6mxu.bat
    D:\s.bat
    D:\vva0hc0p.cmd
    D:\WINDOWS\system32\Bitkv1.dll
    D:\WINDOWS\system32\Cache
    D:\WINDOWS\system32\ckvo.exe
    D:\WINDOWS\system32\ckvo0.dll
    D:\WINDOWS\system32\ckvo1.dll
    D:\WINDOWS\system32\ckvo2.dll
    D:\yew.bat
    F:\autorun.inf
    F:\ev60a2.cmd

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CBEVBSVC
    -------\Legacy_CBEVTSVC
    -------\Legacy_IPRIP
    -------\Legacy_SYSREST.SYS
    -------\Service_Iprip


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 13:47 . 2008-10-14 13:47 <REP> d-------- D:\WINDOWS\ERUNT
    2008-10-14 13:27 . 2008-10-14 13:27 75,932 --a------ D:\WINDOWS\system32\drivers\klick.dat
    2008-10-14 13:27 . 2008-10-14 13:27 74,396 --a------ D:\WINDOWS\system32\drivers\klin.dat
    2008-10-14 13:27 . 2008-10-14 13:58 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
    2008-10-14 13:27 . 2008-10-14 13:58 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
    2008-10-14 13:27 . 2008-10-14 13:58 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
    2008-10-14 13:27 . 2008-10-14 13:58 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
    2008-10-13 17:46 . 2008-10-13 17:46 <REP> d--hs---- D:\FOUND.003
    2008-10-13 17:44 . 2008-10-13 17:44 61,440 --a------ D:\WINDOWS\system32\drivers\plcvy.sys
    2008-10-13 15:33 . 2008-10-13 15:34 2,496 --a------ D:\WINDOWS\system32\d3d8caps.dat
    2008-10-13 14:43 . 2008-10-13 14:43 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
    2008-10-13 14:43 . 2008-10-13 14:43 <REP> d-------- D:\Documents and Settings\najat\Application Data\Malwarebytes
    2008-10-13 14:43 . 2008-10-13 14:43 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-13 14:43 . 2008-09-10 00:04 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-13 14:43 . 2008-09-10 00:03 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys
    2008-10-13 11:48 . 2008-10-13 11:48 <REP> d-------- D:\Program Files\Trend Micro
    2008-10-07 08:36 . 104,414 D:\WINDOWS\system32\drivers\97b3727b.sys
    2008-10-06 15:27 . 2008-10-14 13:37 58 --a------ D:\WINDOWS\system32\winwp.bmp
    2008-10-06 15:21 . 2008-10-06 15:21 140,288 --a------ D:\WINDOWS\system32\mkrnl.exe
    2008-09-30 08:40 . 2008-09-30 08:40 100,484 -r-hs---- D:\tknapl.exe
    2008-09-27 10:26 . 2008-09-27 10:26 <REP> d-------- D:\Documents and Settings\najat\Application Data\URSoft
    2008-09-27 10:26 . 2008-09-27 10:26 <REP> d-------- D:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-27 10:25 . 2008-09-27 10:25 <REP> d-------- D:\Program Files\Your Uninstaller 2008
    2008-09-26 08:34 . 2008-09-26 08:34 <REP> d--hs---- D:\FOUND.002
    2008-09-25 09:20 . 2008-09-25 09:20 <REP> d--hs---- D:\FOUND.001
    2008-09-25 09:05 . 2008-09-25 09:05 29 --a------ D:\WINDOWS\system32\rduqpuda.tmp
    2008-09-23 08:35 . 2008-09-25 16:04 99,286 -r-hs---- D:\rdsfk.com
    2008-09-16 09:02 . 2008-09-16 09:02 98,693 -r-hs---- D:\kqnns.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-13 17:44 1,240 ----a-w D:\Program Files\ixbinitc.txt
    2008-09-09 08:55 96,211 --sh--r D:\jdhc2x2.com
    2007-12-10 15:51 40,864 ----a-w D:\Documents and Settings\najat\Application Data\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    md5deep: D:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied

    2007-11-23 17:57 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\drivers\TCPIP.SYS
    2007-11-23 17:57 359040 27a5959c94ee173a063ca06bd14f021a D:\WINDOWS\system32\dllcache\TCPIP.SYS

    md5deep: D:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

    md5deep: D:\WINDOWS\explorer.exe: error at offset 0: Permission denied

    md5deep: D:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

    md5deep: D:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied

    md5deep: D:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MsmqIntCert"="mqrt.dll" [2004-08-19 D:\WINDOWS\system32\mqrt.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

    D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    Lancement rapide d'Adobe Reader.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "D:\WINDOWS\system32\Bitkv0.dll" [2004-08-19 69632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "cGnlgIVCJMT"= {19050BD6-B3AF-A17C-859F-618C561888BD} - D:\WINDOWS\system32\bmjy.dll [2004-08-19 32768]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "D:\\WINDOWS\\System32\\mmc.exe"=
    "D:\\WINDOWS\\System32\\mqsvc.exe"=
    "c:\\8u2zqe.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Groupement homologue Windows
    "3540:UDP"= 3540:UDP:p rotocole PNRP (Peer Name Resolution Protocol)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 NwSapAgent;Agent SAP;D:\WINDOWS\system32\svchost.exe [2004-08-19 17408]
    S2 zrrzrjjr;zrrzrjjr;D:\WINDOWS\system32\drivers\zrrzrjjr.sys [ ]
    S3 avpsys;AVPsys;D:\WINDOWS\system32\drivers\cdaudio.sys [2001-08-17 18688]
    S3 p2pgasvc;Authentification de groupe réseau homologue;D:\WINDOWS\system32\svchost.exe [2004-08-19 17408]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;D:\WINDOWS\system32\svchost.exe [2004-08-19 17408]
    S3 p2psvc;Réseau homologue;D:\WINDOWS\system32\svchost.exe [2004-08-19 17408]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;D:\WINDOWS\system32\svchost.exe [2004-08-19 17408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aaf772e-9131-11dc-830a-00306e27151f}]
    \Shell\AutoRun\command - F:\krg62.cmd
    \Shell\explore\Command - F:\krg62.cmd
    \Shell\open\Command - F:\krg62.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e1cff60-800f-11dd-9f1c-00306e27151f}]
    \Shell\AutoRun\command - F:\s.bat
    \Shell\explore\Command - F:\s.bat
    \Shell\open\Command - F:\s.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8807484-21d6-11dd-9eb0-00306e27151f}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-SalaatTime - D:\Program Files\Salaat Time\SalaatTime.exe
    HKCU-Run-msupdate.exe - D:\WINDOWS\system32\msupdate.exe
    HKCU-Run-kamsoft - D:\WINDOWS\system32\ckvo.exe
    HKLM-Run-QGBKMDKO - D:\WINDOWS\QGBKMDKO.exe
    HKLM-Run-rakjbjrj - D:\WINDOWS\rakjbjrj.exe


    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    O8 -: ajouter à kaspersky anti-banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 -: E&xporter vers Microsoft Excel - D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 14:00:35
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\controlset003\Services\97b3727b]
    "ImagePath"="\SystemRoot\System32\drivers\97b3727b.sys"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    D:\WINDOWS\SYSTEM32\MSDTC.EXE
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    D:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
    D:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    D:\WINDOWS\SYSTEM32\TCPSVCS.EXE
    D:\WINDOWS\SYSTEM32\MQSVC.EXE
    D:\WINDOWS\SYSTEM32\MQTGSVC.EXE
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-14 14:02:00 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-14 14:01:54

    Avant-CF: 9 400 057 856 octets libres
    Après-CF: 9,349,005,312 octets libres

    195


    HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:55:57, on 15/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    D:\WINDOWS\system32\tcpsvcs.exe
    D:\WINDOWS\system32\mqsvc.exe
    D:\WINDOWS\system32\mqtgsvc.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kamsoft] D:\WINDOWS\system32\ckvo.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O21 - SSODL: cGnlgIVCJMT - {19050BD6-B3AF-A17C-859F-618C561888BD} - D:\WINDOWS\system32\bmjy.dll

    --
    End of file - 2910 bytes
    15 October 2008 22:45:35

    Good evening

    I think some system files have been hit (patched by the infection). We'll run an online scan to check, but this smells like a reformat... I don't know what you do with your PC, but this is a real mess...

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
    15 October 2008 23:28:40

    Can't I do a Windows repair instead of formatting???
    15 October 2008 23:33:26

    Not sure, I want to see the extent of the damage with the online scan...
    If it's too far gone, we format...
    18 October 2008 22:39:19

    Hi,

    I tried three times to get the scan report, but the PC crashes every time.
    The scan detects 146 infections (that's huge).
    I'll try again on Monday, and if it still doesn't work, I'll format!

    See you
    18 October 2008 22:59:31

    ok
    At the same time, I think you're being a bit careless with your PC... :D
    19 October 2008 22:38:10

    It's not my PC, I swear, it's my colleague's workstation at work. She didn't want an antivirus, and there you go, she wrecked her PC!