Se connecter avec
S'enregistrer | Connectez-vous

CMDSERVICE et POPUP a gogo

Dernière réponse : dans Sécurité

Bonjour à tous!!!
désolé de vous embeter avec de nouveau ce sujet, ms voilà, j'ai tout essayé et suivi les conseils des autres post, mais rien a faire, spybot detecte entre autre cmdservice qu'il n'arrive pas à kill, j'ai passé ewido adwareSE CCleaner et tt récemment j viens d'installer AVAST mais tjs ce meme probleme de pub non sollicité, merci de votre aide.
Voilà mon log HIJACTHIS :

Logfile of HijackThis v1.99.1
Scan saved at 00:26:01, on 18/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\mousepad3.exe
C:\WINDOWS\System32\MSDNSD32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\MSDNSD32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\wscntify.exe
C:\WINDOWS\system32\winscntrl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mei-ling\Bureau\logiciel Antivirus\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ADOUsefulNet Object - {22E85F2A-4A67-4835-B2C3-C575FE4EC322} - C:\WINDOWS\System32\ddayx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [System Service] S4B3R.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab...
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: ddayx - C:\WINDOWS\System32\ddayx.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\gpp0l37m1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe

Autres pages sur : cmdservice popup gogo

Lassé par la pub ? Créez un compte

Bonjour

Look2me, Vundo et plusieurs autres.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Coche Run VundoFix as a task.
* Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.

Ensuite

Prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant ce fix. Regarde bien les trois petites notes au bas, avant de débuter.
Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7

* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
* Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.

#Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.

##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.

###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi que le contenu du rapport situé dans C:\vundofix.txt et un nouveau rapport HijackThis! dans ta prochaine réponse.

0/ Installe Ccleaner et Ewido

1/ Redemarre en mode sans echec
/!\ Tu n'as pas acces a Internet dans ce mode, note bien les instructions /!\

2/ Lance Hijackthis ->Do a system scan only
->Coche les lignes puis Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\RunServices: [System Service] S4B3R.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe

Assure toi d'avoir acces au dossier/fichiers caches
->Panneau de configuration
->Options dossiers
->Coche Afficher les dossiers caches
Decoche Masquer les extensions...
Decoche Masquer les fichiers proteges...

3/ Suppime ces fichiers/dossiers si existe

C:\\mousepad3.exe
C:\\newname3.exe
MSDNSD32.exe
msnnsg.exe
csrssX.exe
C:\WINDOWS\wscntify.exe

Démarrer/Exécuter/cmd/ tape sc delete windows security centre puis Entrée

Redemarre normalement

4/ Lance un nettoyage Ccleaner
(N’oublie pas de supprimer les Erreurs (a gauche))

5/ Lance un scan Ewido(mis a jour)
Sauvegarde puis colle le rapport Ewido

6/ Fais un scan en ligne Panda (avec IE)
http://www.pandasoftware.com/activescan
Sauvegarde,colle le rapport

7/ Reposte un log Hijackthis

As tu encore des problemes ?

Bonjour et Merci de vos aide, j'ai d'abord suivi les instruction de ChercheurPCA :
alors voilà les logs de look2me-destroyer, celui de vundofix et un hijackthis :

Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 18/03/2006 11:45:10

Infected! C:\WINDOWS\system32\lv8809lue.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005859.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005860.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005861.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006072.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006104.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006158.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006181.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006185.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006195.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006206.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006355.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006359.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006405.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007469.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007473.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007480.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008500.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008529.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008534.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008540.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008544.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009544.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009555.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009560.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009572.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009583.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009587.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009600.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009611.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009638.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009640.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009641.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009642.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009643.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009645.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009648.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009649.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009650.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009654.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009655.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009656.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009658.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009660.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009661.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009663.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009665.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009691.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009718.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009722.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009747.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009755.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009765.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009768.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009778.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009789.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009793.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009795.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009796.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009805.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011813.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011820.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011833.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011837.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011869.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011878.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011881.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011894.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011961.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011965.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011974.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011981.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011991.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011995.dll
Infected! C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0012009.dll
Infected! C:\WINDOWS\system32\gpl0l33m1.dll
Infected! C:\WINDOWS\system32\irpml5711.dll
Infected! C:\WINDOWS\system32\lv8809lue.dll
Infected! C:\WINDOWS\system32\mjacm.dll
Infected! C:\WINDOWS\system32\mlc42.dll
Infected! C:\WINDOWS\system32\n2l80c3uef.dll
Infected! C:\WINDOWS\system32\s4pule791h.dll
Infected! C:\WINDOWS\system32\wusapi32.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\lv8809lue.dll
C:\WINDOWS\system32\lv8809lue.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005859.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005859.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005860.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005860.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005861.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP16\A0005861.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006072.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006072.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006104.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006104.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006158.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006158.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006181.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006181.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006185.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006185.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006195.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006195.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006206.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006206.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006355.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006355.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006359.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006359.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006405.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP17\A0006405.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007469.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007469.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007473.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007473.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007480.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0007480.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008500.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008500.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008529.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008529.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008534.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008534.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008540.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008540.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008544.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0008544.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009544.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009544.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009555.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009555.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009560.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009560.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009572.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP19\A0009572.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009583.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009583.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009587.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009587.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009600.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009600.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009611.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009611.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009638.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009638.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009640.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009640.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009641.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009641.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009642.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009642.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009643.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009643.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009645.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009645.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009648.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009648.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009649.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009649.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009650.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009650.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009654.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009654.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009655.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009655.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009656.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009656.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009658.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009658.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009660.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009660.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009661.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009661.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009663.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009663.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009665.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP20\A0009665.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009691.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009691.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009718.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009718.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009722.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP21\A0009722.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009747.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009747.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009755.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009755.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009765.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009765.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009768.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009768.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009778.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009778.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009789.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009789.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009793.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009793.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009795.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009795.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009796.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009796.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009805.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0009805.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011813.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011813.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011820.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011820.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011833.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011833.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011837.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011837.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011869.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011869.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011878.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011878.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011881.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011881.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011894.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011894.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011961.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011961.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011965.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011965.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011974.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011974.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011981.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011981.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011991.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011991.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011995.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0011995.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0012009.dll
C:\System Volume Information\_restore{EFBE4DBD-DF70-4A43-A0B6-7F81321F1233}\RP22\A0012009.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gpl0l33m1.dll
C:\WINDOWS\system32\gpl0l33m1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irpml5711.dll
C:\WINDOWS\system32\irpml5711.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lv8809lue.dll
C:\WINDOWS\system32\lv8809lue.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mjacm.dll
C:\WINDOWS\system32\mjacm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mlc42.dll
C:\WINDOWS\system32\mlc42.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n2l80c3uef.dll
C:\WINDOWS\system32\n2l80c3uef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\s4pule791h.dll
C:\WINDOWS\system32\s4pule791h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wusapi32.dll
C:\WINDOWS\system32\wusapi32.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AE06F405-A5FE-46AF-A5CE-73D128328869}"
HKCR\Clsid\{AE06F405-A5FE-46AF-A5CE-73D128328869}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{76035AFD-B6E8-445C-8406-1C30D135B026}"
HKCR\Clsid\{76035AFD-B6E8-445C-8406-1C30D135B026}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9C50E615-BF70-4BAF-ACC4-ADA48E859E80}"
HKCR\Clsid\{9C50E615-BF70-4BAF-ACC4-ADA48E859E80}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{682CA4E4-DD6C-4734-B4A1-26C97B3F66D6}"
HKCR\Clsid\{682CA4E4-DD6C-4734-B4A1-26C97B3F66D6}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A352BD7B-E771-41AF-8D8F-9B3C9036EF19}"
HKCR\Clsid\{A352BD7B-E771-41AF-8D8F-9B3C9036EF19}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E693EBD8-170D-408A-9FA5-CBDB885FBB66}"
HKCR\Clsid\{E693EBD8-170D-408A-9FA5-CBDB885FBB66}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B03C7747-F770-4425-836D-C325F030EEDE}"
HKCR\Clsid\{B03C7747-F770-4425-836D-C325F030EEDE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{52AF2DFD-37E4-46E3-B5BB-6F6D0FEA0E97}"
HKCR\Clsid\{52AF2DFD-37E4-46E3-B5BB-6F6D0FEA0E97}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{75ED6C77-3284-4D9B-AE0B-A5E82644B66B}"
HKCR\Clsid\{75ED6C77-3284-4D9B-AE0B-A5E82644B66B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{608818CD-A591-4389-8718-F0E2CD1C1AAD}"
HKCR\Clsid\{608818CD-A591-4389-8718-F0E2CD1C1AAD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DF6C1D81-2B86-4833-97D9-1B3B407A9731}"
HKCR\Clsid\{DF6C1D81-2B86-4833-97D9-1B3B407A9731}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{594C2195-F815-499D-A8ED-83D69333EBD2}"
HKCR\Clsid\{594C2195-F815-499D-A8ED-83D69333EBD2}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EBFCEE94-F8C2-41D7-BBAF-197FF593F2C4}"
HKCR\Clsid\{EBFCEE94-F8C2-41D7-BBAF-197FF593F2C4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{62E67F46-AF5D-4243-A422-B15F1603F14B}"
HKCR\Clsid\{62E67F46-AF5D-4243-A422-B15F1603F14B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5BFBBC56-2ED7-4A93-B002-8BD9C0914130}"
HKCR\Clsid\{5BFBBC56-2ED7-4A93-B002-8BD9C0914130}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B898E7BA-7B11-4294-9902-FBA1BA9DD994}"
HKCR\Clsid\{B898E7BA-7B11-4294-9902-FBA1BA9DD994}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0BE11428-2ECC-475E-8908-4DA770D88642}"
HKCR\Clsid\{0BE11428-2ECC-475E-8908-4DA770D88642}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


VundoFix V4.2.34

Checking Java version...

Sun Java not detected
Scan started at 11:40:15 18/03/2006

Listing files found while scanning....

C:\WINDOWS\System32\jkkjj.dll
C:\WINDOWS\System32\ddayx.dll
C:\WINDOWS\System32\xyadd.ini
C:\WINDOWS\System32\xyadd.bak1
C:\WINDOWS\System32\xyadd.bak2
C:\WINDOWS\System32\jkkjj.dll

C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\ddayx.dll
Attempting to delete C:\WINDOWS\System32\jkkjj.dll
C:\WINDOWS\System32\jkkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ddayx.dll
C:\WINDOWS\System32\ddayx.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\xyadd.ini
C:\WINDOWS\System32\xyadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\xyadd.bak1
C:\WINDOWS\System32\xyadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\xyadd.bak2
C:\WINDOWS\System32\xyadd.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 11:54:45, on 18/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\mousepad3.exe
C:\WINDOWS\System32\MSDNSD32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\mp2Ld.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\MSDNSD32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\wscntify.exe
C:\WINDOWS\system32\winscntrl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\mei-ling\Bureau\logiciel Antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DRam prmaessor] mp2Ld.exe
O4 - HKLM\..\RunServices: [System Service] S4B3R.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\RunServices: [DRam prmaessor] mp2Ld.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab...
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: Guardian - C:\WINDOWS\system32\aoifil32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe






Bonsoir

1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

Ewido
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.

2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

3 Relance un scan HijackThis et coche les lignes ci-dessous :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\Run: [DRam prmaessor] mp2Ld.exe
O4 - HKLM\..\RunServices: [System Service] S4B3R.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] msnnsg.exe
O4 - HKLM\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\RunServices: [DRam prmaessor] mp2Ld.exe
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\RunServices: [Microsoft CSRSS Service] csrssX.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab...
O20 - Winlogon Notify: Guardian - C:\WINDOWS\system32\aoifil32.dll (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: security centre (windows security centre) - Unknown owner - C:\WINDOWS\wscntify.exe

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

4 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

5 Tu clique sur Démarrer puis Exécuter, tu tapes services.msc et tu cliques sur OK.

Dans la liste des services, cherche et sélectionne
"Performance True Type Font" / double clique sur la ligne
/ vérifie dans Chemin d'accès des fichiers exécutables qu'il
s'agit bien de "C:\WINDOWS\System32\perfont.exe" / dans Type de démarrage,
sélectionne Désactiver / valide la modification.

Recommence avec

security centre et C:\WINDOWS\wscntify.exe

6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\\mousepad3.exe
C:\\newname3.exe
C:\WINDOWS\wscntify.exe
C:\WINDOWS\System32\perfont.exe
C:\WINDOWS\System32\MSDNSD32.exe
C:\WINDOWS\System32\mp2Ld.exe
S4B3R.exe
msnnsg.exe
csrssX.exe
Pour ces derniers, probablement dans C:\WINDOWS\System32 ou C:\WINDOWS

7 Lance le nettoyage avec CCleaner.

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

8 Lance Ewido.
Fais un scan en mode complet.
Sauvegardes le rapport.

9 Redémarre normalement et poste un nouveau log HijackThis avec le rapport d'Ewido.

Bonjour,
manip. faite, voilà les log hijack et le rapport EWIDO :

Logfile of HijackThis v1.99.1
Scan saved at 15:06:22, on 19/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\winscntrl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\francois\Bureau\mei-ling\Bureau\logiciel Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [qkim] C:\PROGRA~1\FICHIE~1\qkim\qkimm.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 15:02:23, 19/03/2006
+ Somme de contrôle: 53C474EF

+ Résultats du scan:

HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Nettoyer et sauvegarder
C:\a.bat -> Trojan.Zapchast : Nettoyer et sauvegarder
C:\Documents and Settings\francois\Bureau\mei-ling\Bureau\logiciel Antivirus\backups\backup-20060319-134803-178.dll -> Adware.WinAD : Nettoyer et sauvegarder
C:\Documents and Settings\francois\cx32.exe/rm32.dll -> Downloader.ConHook.y : Nettoyer et sauvegarder
C:\Documents and Settings\francois\cz32.exe/rm32.dll -> Downloader.ConHook.y : Nettoyer et sauvegarder
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Nettoyer et sauvegarder
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Nettoyer et sauvegarder
C:\Program Files\whInstall -> Adware.Webhancer : Nettoyer et sauvegarder
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Nettoyer et sauvegarder
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Nettoyer et sauvegarder
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Nettoyer et sauvegarder
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Nettoyer et sauvegarder
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\mansor.exe -> Backdoor.SdBot.xd : Nettoyer et sauvegarder
C:\WINDOWS\TkdVWUVOIA\asappsrv.dll -> Adware.CommAd : Nettoyer et sauvegarder
C:\WINDOWS\TkdVWUVOIA\command.exe -> Adware.CommAd : Nettoyer et sauvegarder


::Fin du rapport

Ligne fixé
voici le scan PANDA ca fait peur loll

Incident Status Location

Adware:adware/superspider Not disinfected C:\WINDOWS\SYSTEM32\a.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWA6PV_0001_N62M3012NetInstaller.exe
Adware:adware/deskwizz Not disinfected C:\DR140306.exe
Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
Adware:adware/maxifiles Not disinfected C:\mc-110-12-0000228.exe
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/commad Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Potentially unwanted tool:application/winantivirus2006 Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\WINANTIVIRUS PRO 2006
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\francois\Cookies\francois@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\francois\Cookies\francois@bluestreak[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\francois\Cookies\francois@mediaplex[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\francois\Cookies\francois@weborama[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\francois\Cookies\francois@xiti[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\francois\Cookies\francois@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\francois\Cookies\francois@bluestreak[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\francois\Cookies\francois@mediaplex[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\francois\Cookies\francois@weborama[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\francois\Cookies\francois@xiti[1].txt
Virus:W32/Sdbot.GPW.worm Disinfected C:\Documents and Settings\francois\sysctl.exe
Adware:Adware/Deskwizz Not disinfected C:\DR140306.exe
Adware:Adware/BroadcastPC Not disinfected C:\DR21206.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload1.exe
Adware:Adware/DollarRevenue Not disinfected C:\gimmysmileys1.exe
Adware:Adware/DollarRevenue Not disinfected C:\gotya.exe
Adware:Adware/DollarRevenue Not disinfected C:\keyboard1.exe
Adware:Adware/Maxifiles Not disinfected C:\mc-110-12-0000228.exe
Adware:Adware/Ucmore Not disinfected C:\msnmsg.exe
Adware:Adware/Ucmore Not disinfected C:\MSWIN32.dll.exe
Adware:Adware/Ucmore Not disinfected C:\msx32.dll.exe
Adware:Adware/DollarRevenue Not disinfected C:\newname2.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Fichiers communs\Download\mc-110-12-0000228.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XSZ8DST\launcher[1].exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OHI5AH4D\mc-110-12-0000228[1].exe
Adware:Adware/Ucmore Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OHI5AH4D\test3[1].p
Adware:Adware/Ucmore Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OP89MJOL\test3[1].gif
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060305-125747.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060312-143820.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060317-125654.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20060317-125655.backup
Virus:W32/Sdbot.GUI.worm Disinfected C:\WINDOWS\system32\eraseme_40124.exe
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
Virus:W32/Gaobot.MMD.worm Disinfected C:\WINDOWS\system32\MSDNSD32.exe
Virus:W32/Sdbot.GUI.worm Disinfected C:\WINDOWS\system32\winscntrl.exe
Virus:W32/Sdbot.GSX.worm Disinfected C:\WINDOWS\system32\wlib32.dll
Adware:Adware/ISearch Not disinfected C:\WINDOWS\TkdVWUVOIA\n4xpqopiKE.vbs
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WinFrgn.exe

Bonsoir,

1/ Télécharge SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Dézippe-le sur le Bureau.
Ouvre le dossier SmitfraudFix et lance SmitfraudFix.cmd
Choisis l'Option 1 (Recherche)
Si tu vois des lignes avec PRESENT! Continue

2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)

Relance SmitfraudFix et choisis cette fois l’Option 2 et réponds oui à chaque question
Sauvegarde le rapport puis poste le rapport.

Bonsoir
voillà le rapport:

SmitFraudFix v2.25

Rapport fait à 21:59:29,06 le 24/03/2006
Executé à partir de C:\Documents and Settings\francois\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\drsmartload1.exe supprimé
C:\gimmysmileys1.exe supprimé
C:\keyboard1.exe supprimé
C:\WINDOWS\gimmygames.dat supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Redemarre en mode sans echec puis supprime

C:\WINDOWS\SYSTEM32\a.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWA6PV_0001_N62M3012NetInstaller.exe
C:\DR140306.exe
C:\mc-110-12-0000228.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\uninstall_nmon.vbs
C:\PROGRAM FILES\MyWay
C:\Documents and Settings\francois\Cookies <- Vide le dossier
C:\Documents and Settings\francois\sysctl.exe
C:\DR21206.exe
C:\gotya.exe
C:\msnmsg.exe
C:\MSWIN32.dll.exe
C:\msx32.dll.exe
C:\newname2.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XSZ8DST\launcher[1].exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OHI5AH4D\mc-110-12-0000228[1].exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OHI5AH4D\test3[1].p
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OP89MJOL\test3[1].gif
C:\WINDOWS\system32\drivers\etc\hosts.20060305-125747.backup
C:\WINDOWS\system32\drivers\etc\hosts.20060312-143820.backup
C:\WINDOWS\system32\drivers\etc\hosts.20060317-125654.backup
C:\WINDOWS\system32\drivers\etc\hosts.20060317-125655.backup
C:\WINDOWS\system32\eraseme_40124.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\MSDNSD32.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\system32\wlib32.dll
C:\WINDOWS\TkdVWUVOIA\n4xpqopiKE.vbs
C:\WINDOWS\uninstall_nmon.vbs
C:\WinFrgn.exe

Executer, Regedit puis supprime

HKEY_LOCAL_MACHINE\SOFTWARE\WINANTIVIRUS PRO 2006
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM

Fichiers supprimés et base de registre nettoyé, certains fichiers n'ont pas été trouvé malgré l affichage de tous les dossiers et une recherche windows :

C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWA6PV_0001_N62M3012NetInstaller.exe
C:\Documents and Settings\francois\sysctl.exe
C:\WINDOWS\system32\drivers\etc\hosts.20060305-125747.backup
C:\WINDOWS\system32\drivers\etc\hosts.20060312-143820.backup
C:\WINDOWS\system32\drivers\etc\hosts.20060317-125654.backup
C:\WINDOWS\system32\drivers\etc\hosts.20060317-125655.backup
C:\WINDOWS\system32\eraseme_40124.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\MSDNSD32.exe
C:\WINDOWS\system32\winscntrl.exe
C:\WINDOWS\system32\wlib32.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\WinFrgn.exe

:-o

que faire d'autre sachant qu'à l ouverture j'ai toujours AVAST qui me trouve un trojan

D'avance merci
Lassé par la pub ? Créez un compte

Créer un nouveau sujet

Tom's guide dans le monde