HijackThis log for a virus (pop-ups and explorer.exe crashing)


Logfile of HijackThis v1.99.1
Scan saved at 14:57:29, on 19/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Arthur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\System32\intell321.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] c:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00299.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Arthur\LOCALS~1\Temp\A.tmp
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/301cd6 [...] 601_fr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_8.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\c4000edmeh0a0.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\fp2s03f7e.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJ0aHVy\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Hoping you'll be able to tell me what's *%&" :P. Thanks


Hi,

For the ads, it's a Look2me-type infection.

Print these instructions, or paste them into a text file.
Read the three notes at the bottom carefully before starting the procedure.
Download Look2Me-Destroyer.exe to your Desktop.

http://www.atribune.org/ccount/click.php?id=7

. Close all open windows.
. Run the Look2Me-Destroyer.exe tool.
. Tick Run this program as a task
. A message will appear:
"Look2Me-Destroyer will close and re-open in approximately 10 seconds" -> OK
. It will restart after the 10 seconds; then press the Scan for L2M button.
. The icons on your Desktop will disappear.
. Once the scan has finished, click Remove L2M
. A new message, Done Scanning, will appear; click OK.
. Followed by Done removing infected files! Look2Me-Destroyer will now shutdown your computer -> OK.
. Your PC will shut down.
. Start your PC normally.
. Paste the generated report, located here: C:\Look2Me-Destroyer.txt, along with a HijackThis report.

1/ If Look2Me-Destroyer does not restart automatically after the 10 seconds, reboot and try again.

2/ If you get a message from your firewall saying that the tool is trying to access the internet: allow it, or disable your firewall.

3/ If a runtime error '339' message appears: download MSWINSCK.OCX and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/n [...] WINSCK.OCX

Reply to Angeldark

Next...

1/ Download SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it to the Desktop.
Open the SmitfraudFix folder and run SmitfraudFix.cmd
Choose Option 1 (Search)
If you see lines with PRESENT!, continue

2/ Restart in Safe Mode (to do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)

Run SmitfraudFix again and this time choose Option 2, and answer yes to every question
Save the report, then post the report.

3/ Post a HijackThis report

Reply to Angeldark

Thanks a lot, I did all that, and for now no pop-ups or crashes; I'm posting the two logs for you anyway:

---> hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 15:50:51, on 19/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\windows\mousepad3.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\QXJ0aHVy\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\drsmartload1.exe
C:\Documents and Settings\Arthur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\System32\intell321.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname3.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00299.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Arthur\LOCALS~1\Temp\A.tmp
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/301cd6 [...] 601_fr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_8.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJ0aHVy\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

-----> look2me-destroyer :


Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 19/03/2006 15:37:23


Attempting to delete infected files...


Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP26\A0009137.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP26\A0009137.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP27\A0010142.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP27\A0010142.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP28\A0010164.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP28\A0010164.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP28\A0010168.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP28\A0010168.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010274.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010274.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010278.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010278.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010285.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010285.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010286.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010286.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010287.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010287.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010288.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010288.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010289.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010289.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010290.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010290.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010291.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010291.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010292.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010292.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010293.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010293.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010294.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010294.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010295.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010295.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010296.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010296.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010297.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010297.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010298.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010298.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010299.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010299.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010300.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010300.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010301.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010301.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010302.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010302.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010303.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010303.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010304.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010304.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010444.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010444.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010445.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010445.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010446.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010446.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010447.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010447.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010448.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010448.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010449.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010449.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010450.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010450.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010451.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010451.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010452.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010452.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010453.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010453.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010454.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010454.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010455.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010455.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010456.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010456.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010457.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010457.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010458.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010458.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010459.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010459.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010460.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010460.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010461.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010461.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010462.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010462.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010463.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010463.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010464.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010464.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010465.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP31\A0010465.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022327.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022327.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022333.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022333.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022345.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022345.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022351.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022351.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022358.dll
C:\System Volume Information\_restore{EF282118-4AF1-47A4-9C1D-96A07B2C312B}\RP73\A0022358.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cocfg32.dll
C:\WINDOWS\system32\cocfg32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\e4200efmeh2a0.dll
C:\WINDOWS\system32\e4200efmeh2a0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enl6l13s1.dll
C:\WINDOWS\system32\enl6l13s1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\f6j20g1oe6.dll
C:\WINDOWS\system32\f6j20g1oe6.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lygif13n.dll
C:\WINDOWS\system32\lygif13n.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pxtorec.dll
C:\WINDOWS\system32\pxtorec.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rzvpperf.dll
C:\WINDOWS\system32\rzvpperf.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B84A4D45-675B-4C62-8AF7-093F8F8E86A7}"
HKCR\Clsid\{B84A4D45-675B-4C62-8AF7-093F8F8E86A7}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7A99F9B1-FEB4-40D8-8016-878E84290303}"
HKCR\Clsid\{7A99F9B1-FEB4-40D8-8016-878E84290303}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded

Thanks a lot again!!

Reply to nasuryan

Now use Smitfraudfix.

Reply to Angeldark

Yep, it's done. Ad-Aware still found 2-3 things, but they don't seem to have caused any trouble. So thanks a lot, and just in case, I'll repost a fresh scan, to be sure. :-D

Reply to nasuryan

Argh, I spoke too soon: in the time it took to run the scan, bam! The same popups. Here is my scan :'( :

Logfile of HijackThis v1.99.1
Scan saved at 16:07:48, on 19/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\windows\mousepad3.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\LVComS.exe
C:\Documents and Settings\Arthur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\System32\intell321.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname3.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00299.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Arthur\LOCALS~1\Temp\A.tmp
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/301cd6 [...] 601_fr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_8.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJ0aHVy\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Hoping this helps.

Reply to nasuryan

Are you sure you used Smitfraudfix?

1/ Restart in safe mode
/!\ You have no Internet access in this mode, so note the instructions down carefully /!\

Uninstall if possible
Alfa Cleaner
WebHancer

2/ Run Hijackthis -> Do a system scan only
-> Check these lines, then Fix checked

O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\System32\intell321.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname3.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00299.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Arthur\LOCALS~1\Temp\A.tmp
O20 - AppInit_DLLs: C:\WINDOWS\System32\win_8.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJ0aHVy\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Make sure you can see hidden folders/files
-> Control Panel
-> Folder Options
-> Check Show hidden folders
Uncheck Hide extensions...
Uncheck Hide protected files...

3/ Delete these files/folders if they exist

C:\WINDOWS\System32\intell321.exe
C:\Program Files\AlfaCleaner
C:\windows\keyboard3.exe
C:\windows\mousepad3.exe
C:\windows\newname3.exe
C:\Program Files\webHancer
C:\WINDOWS\QXJ0aHVy
C:\Program Files\Network Monitor

HJT -> Open the Misc Tools Section
Delete a file on reboot
Open C:\WINDOWS\System32\win_8.dll

Restart normally

4/ Run a Ccleaner cleanup
(Don't forget to remove the Errors (on the left))

5/ Run an Ewido scan (updated)
Save, then paste the Ewido report

6/ Run a Panda online scan (with IE)
Save, then paste the report

7/ Repost a Hijackthis log

Do you still have problems?

Reply to Angeldark

There, everything is done, and it seems to be fixed; it has now been 1 hour since it was done and nothing more, so thanks a lot. Just in case, here are the 3 scans:

Logfile of HijackThis v1.99.1
Scan saved at 18:57:01, on 19/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\lotrbfme2.exe
C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat
C:\DOCUME~1\Arthur\LOCALS~1\Temp\~e5.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arthur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/301cd6 [...] 601_fr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJ0aHVy\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe




---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 17:14:44, 19/03/2006
+ Somme de contrôle: AEF03BA

+ Résultats du scan:

HKU\S-1-5-21-1547161642-412668190-682003330-1004\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/c4000edmeh0a0.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/dyvmgr.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/f00olad31d0.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/fp0q03d5e.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/g4220efoeh2c0.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/gntuname.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/h6l20g3oe6.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/hrn2055oe.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/IKcenc.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/Iq50_qc.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/irr4l59q1.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/jt2u07f9e.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/khdno.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/kmdru1.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/kt84l7lq1.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/mmprivs.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/mUpistub.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/o2ro0c93ef.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/s2pulc791f.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/sncbase.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/uvrsvpia.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\backup.zip/dlls/wohisn.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\Installer\Windows_XP_SP1_Crack.zip/crack.exe -> Downloader.Small.cgl : Nettoyer et sauvegarder
C:\Documents and Settings\Arthur\Mes documents\Windows_XP_SP1_Crack\crack.exe -> Downloader.Small.cgl : Nettoyer et sauvegarder
C:\keyboard1.exe -> Downloader.VB.ys : Nettoyer et sauvegarder
C:\keyboard3.exe -> Downloader.VB.yv : Nettoyer et sauvegarder
C:\mousepad3.exe -> Hijacker.VB.lv : Nettoyer et sauvegarder
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Nettoyer et sauvegarder
C:\newname3.exe -> Downloader.VB.ri : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\ibm00299.dll -> Logger.Small.dg : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\ibm00299.exe -> Logger.Small.dg : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\ibm00300.dll -> Logger.Small.dg : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00015.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00021.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00049.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00103.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00183.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00211.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00233.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00237.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00269.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00279.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\Fichiers communs\microsoft shared\Web Folders\_ibm00287.exe -> Trojan.Agent.bu : Nettoyer et sauvegarder
C:\Program Files\whInstall -> Adware.Webhancer : Nettoyer et sauvegarder
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Nettoyer et sauvegarder
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Nettoyer et sauvegarder
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\kl1.exe -> Logger.Small.dg : Nettoyer et sauvegarder
C:\WINDOWS\smss.exe -> Logger.Sters.m : Nettoyer et sauvegarder
C:\WINDOWS\system32\ib6.dll -> Logger.Banker.mm : Nettoyer et sauvegarder
C:\WINDOWS\winsysupd2.exe -> Hijacker.StartPage.ahg : Nettoyer et sauvegarder


::Fin du rapport





Incident Status Location

Adware:adware/commad Not disinfected C:\WINDOWS\SYSTEM32\atmtd.dll
Adware:adware/spysheriff Not disinfected C:\WINDOWS\SYSTEM32\kernels8.exe
Adware:adware/dollarrevenue Not disinfected C:\drsmartload46a.exe
Adware:adware/alfacleaner Not disinfected C:\WINDOWS\uninstDsk.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Potentially unwanted tool:application/alfacleaner Not disinfected C:\Documents and Settings\Arthur\Application Data\AlfaCleaner
Adware:adware/cws.yexe Not disinfected C:\WINDOWS\inet20003
Dialer:dialer.ags Not disinfected HKEY_CURRENT_USER\SOFTWARE\MONTORGUEIL
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arthur\Mes documents\antispy\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arthur\Mes documents\antispy\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arthur\Mes documents\antispy\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arthur\Mes documents\Installer\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arthur\Mes documents\Installer\SmitfraudFix.zip[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arthur\Mes documents\Installer\smitRem.exe[Process.exe]
Adware:Adware/Deskwizz Not disinfected C:\DR140306.exe
Adware:Adware/DollarRevenue Not disinfected C:\gimmysmileys1.exe
Adware:Adware/Tibs Not disinfected C:\WINDOWS\system32\kernels8.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Virus:Trj/Downloader.HZC Not disinfected C:\WINDOWS\system32\win_8.dll
Virus:Trj/Downloader.HZX Not disinfected C:\WINDOWS\system32\win_l.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
There you go! Thanks again.
