[Virus / Malware] Look2me; VX2
Résolu/Fermé
YopMa7e0
Messages postés
156
Date d'inscription
mardi 17 octobre 2006
Statut
Membre
Dernière intervention
9 février 2016
-
17 oct. 2006 à 17:09
did71 Messages postés 2187 Date d'inscription vendredi 24 mars 2006 Statut Contributeur sécurité Dernière intervention 30 janvier 2010 - 18 oct. 2006 à 21:27
did71 Messages postés 2187 Date d'inscription vendredi 24 mars 2006 Statut Contributeur sécurité Dernière intervention 30 janvier 2010 - 18 oct. 2006 à 21:27
A voir également:
- [Virus / Malware] Look2me; VX2
- Malware byte - Télécharger - Antivirus & Antimalwares
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Win32:malware-gen ✓ - Forum Virus
- Operagxsetup virus ✓ - Forum Virus
5 réponses
YopMa7e0
Messages postés
156
Date d'inscription
mardi 17 octobre 2006
Statut
Membre
Dernière intervention
9 février 2016
6
17 oct. 2006 à 19:17
17 oct. 2006 à 19:17
Euh .. y a personne ?
Ca serai bien qu'on m'aide s'il vous plais...
Ps : J'ai telecharger Ewido aussi ...
Ca serai bien qu'on m'aide s'il vous plais...
Ps : J'ai telecharger Ewido aussi ...
did71
Messages postés
2187
Date d'inscription
vendredi 24 mars 2006
Statut
Contributeur sécurité
Dernière intervention
30 janvier 2010
36
17 oct. 2006 à 19:50
17 oct. 2006 à 19:50
bonsoir YopMa7e0,
1) Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
2)Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7
* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
* Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
#Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.
##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.
###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
3)poste les rapports sdfix, look2me et un nouveau hijackthis !
a+
1) Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
2)Télécharge Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7
* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
* Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
#Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.
##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.
###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
3)poste les rapports sdfix, look2me et un nouveau hijackthis !
a+
YopMa7e0
Messages postés
156
Date d'inscription
mardi 17 octobre 2006
Statut
Membre
Dernière intervention
9 février 2016
6
18 oct. 2006 à 18:33
18 oct. 2006 à 18:33
Voici ce ke tu demandais :
SDFix: Version 1.30
-------------------
Scan run on:
18/10/2006
Time:
18:12
Microsoft Windows XP [version 5.1.2600]
Running from: C:\Documents and Settings\XXXXX\Bureau\SDFix
Stage One...
Checking Services...
Name:
-----
Windows Log
Path:
----
C:\WINDOWS\system32\nvsvcd.exe
Windows Log ... deleted
Repairing Registry...
Restoring Default Hosts File...
Stage One Complete
Rebooting!
Stage Two...
Registry Cleaning Finished...
Checking For Malware Files:
--------------------------
C:\WINDOWS\drsmartload2.dat
Backing Up and Removing any Files Found...
Final Check:
Services:
---------
Files:
------
*Any removed Files are saved in the SDFix\backups Folder*
*FINISHED*
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 18/10/2006 18:23:02
Infected! C:\WINDOWS\system32\mv84l9lq1.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147985.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147986.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147987.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149894.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149902.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150017.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150025.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150071.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150079.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0150155.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152086.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152102.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152109.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0153111.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0155117.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155124.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155128.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155129.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155130.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155132.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155133.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155134.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156285.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156291.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156306.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156316.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156317.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156318.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156319.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156320.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156325.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156694.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156782.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156827.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156844.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156871.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156872.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156873.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156874.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156875.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156876.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156877.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156887.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156934.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157935.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157947.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157948.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157953.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157960.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157970.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157978.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157993.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0158003.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159050.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159051.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159061.dll
Infected! C:\WINDOWS\system32\en0ol1d31.dll
Infected! C:\WINDOWS\system32\enj2l11o1.dll
Infected! C:\WINDOWS\system32\fpp2037oe.dll
Infected! C:\WINDOWS\system32\k644lghq164e.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\mv84l9lq1.dll
C:\WINDOWS\system32\mv84l9lq1.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147985.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147985.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147986.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147986.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147987.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147987.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149894.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149894.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149902.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149902.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150017.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150017.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150025.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150025.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150071.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150071.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150079.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150079.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0150155.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0150155.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152086.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152086.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152102.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152102.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152109.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152109.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0153111.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0153111.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0155117.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0155117.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155124.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155124.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155128.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155128.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155129.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155129.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155130.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155130.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155132.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155132.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155133.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155133.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155134.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155134.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156285.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156285.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156291.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156291.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156306.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156306.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156316.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156316.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156317.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156317.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156318.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156318.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156319.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156319.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156320.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156320.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156325.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156325.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156694.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156694.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156782.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156782.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156827.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156827.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156844.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156844.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156871.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156871.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156872.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156872.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156873.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156873.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156874.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156874.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156875.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156875.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156876.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156876.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156877.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156877.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156887.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156887.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156934.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156934.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157935.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157935.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157947.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157947.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157948.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157948.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157953.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157953.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157960.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157960.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157970.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157970.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157978.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157978.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157993.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157993.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0158003.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0158003.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159050.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159050.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159051.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159051.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159061.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159061.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\en0ol1d31.dll
C:\WINDOWS\system32\en0ol1d31.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\enj2l11o1.dll
C:\WINDOWS\system32\enj2l11o1.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\fpp2037oe.dll
C:\WINDOWS\system32\fpp2037oe.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\k644lghq164e.dll
C:\WINDOWS\system32\k644lghq164e.dll could not be deleted!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5DD74430-9BB2-4CD0-9A58-8AE1D62968A9}"
HKCR\Clsid\{5DD74430-9BB2-4CD0-9A58-8AE1D62968A9}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2149D2C0-1832-4074-A0D8-7E96D1EBE47C}"
HKCR\Clsid\{2149D2C0-1832-4074-A0D8-7E96D1EBE47C}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7DA75D0F-70D4-4AC7-A264-07FBF74C9E93}"
HKCR\Clsid\{7DA75D0F-70D4-4AC7-A264-07FBF74C9E93}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
SDFix: Version 1.30
-------------------
Scan run on:
18/10/2006
Time:
18:12
Microsoft Windows XP [version 5.1.2600]
Running from: C:\Documents and Settings\XXXXX\Bureau\SDFix
Stage One...
Checking Services...
Name:
-----
Windows Log
Path:
----
C:\WINDOWS\system32\nvsvcd.exe
Windows Log ... deleted
Repairing Registry...
Restoring Default Hosts File...
Stage One Complete
Rebooting!
Stage Two...
Registry Cleaning Finished...
Checking For Malware Files:
--------------------------
C:\WINDOWS\drsmartload2.dat
Backing Up and Removing any Files Found...
Final Check:
Services:
---------
Files:
------
*Any removed Files are saved in the SDFix\backups Folder*
*FINISHED*
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 18/10/2006 18:23:02
Infected! C:\WINDOWS\system32\mv84l9lq1.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147985.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147986.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147987.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149894.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149902.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150017.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150025.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150071.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150079.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0150155.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152086.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152102.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152109.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0153111.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0155117.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155124.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155128.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155129.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155130.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155132.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155133.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155134.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156285.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156291.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156306.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156316.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156317.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156318.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156319.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156320.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156325.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156694.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156782.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156827.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156844.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156871.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156872.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156873.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156874.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156875.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156876.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156877.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156887.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156934.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157935.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157947.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157948.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157953.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157960.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157970.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157978.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157993.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0158003.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159050.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159051.dll
Infected! C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159061.dll
Infected! C:\WINDOWS\system32\en0ol1d31.dll
Infected! C:\WINDOWS\system32\enj2l11o1.dll
Infected! C:\WINDOWS\system32\fpp2037oe.dll
Infected! C:\WINDOWS\system32\k644lghq164e.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\mv84l9lq1.dll
C:\WINDOWS\system32\mv84l9lq1.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147985.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147985.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147986.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147986.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147987.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0147987.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149894.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149894.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149902.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP444\A0149902.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150017.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150017.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150025.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150025.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150071.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150071.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150079.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP446\A0150079.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0150155.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0150155.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152086.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152086.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152102.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152102.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152109.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0152109.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0153111.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0153111.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0155117.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP447\A0155117.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155124.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155124.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155128.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155128.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155129.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155129.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155130.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155130.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155132.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155132.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155133.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155133.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155134.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0155134.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156285.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156285.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156291.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156291.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156306.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156306.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156316.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156316.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156317.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156317.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156318.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156318.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156319.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156319.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156320.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156320.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156325.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156325.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156694.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156694.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156782.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP448\A0156782.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156827.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156827.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156844.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156844.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156871.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156871.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156872.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156872.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156873.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156873.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156874.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156874.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156875.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156875.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156876.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156876.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156877.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156877.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156887.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156887.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156934.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0156934.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157935.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157935.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157947.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157947.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157948.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157948.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157953.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157953.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157960.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157960.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157970.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157970.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157978.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157978.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157993.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0157993.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0158003.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP449\A0158003.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159050.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159050.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159051.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159051.dll could not be deleted!
Attempting to delete: C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159061.dll
C:\System Volume Information\_restore{EF8840D8-CD6E-452D-898E-7A365E62FD93}\RP450\A0159061.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\en0ol1d31.dll
C:\WINDOWS\system32\en0ol1d31.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\enj2l11o1.dll
C:\WINDOWS\system32\enj2l11o1.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\fpp2037oe.dll
C:\WINDOWS\system32\fpp2037oe.dll could not be deleted!
Attempting to delete: C:\WINDOWS\system32\k644lghq164e.dll
C:\WINDOWS\system32\k644lghq164e.dll could not be deleted!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5DD74430-9BB2-4CD0-9A58-8AE1D62968A9}"
HKCR\Clsid\{5DD74430-9BB2-4CD0-9A58-8AE1D62968A9}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2149D2C0-1832-4074-A0D8-7E96D1EBE47C}"
HKCR\Clsid\{2149D2C0-1832-4074-A0D8-7E96D1EBE47C}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7DA75D0F-70D4-4AC7-A264-07FBF74C9E93}"
HKCR\Clsid\{7DA75D0F-70D4-4AC7-A264-07FBF74C9E93}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
YopMa7e0
Messages postés
156
Date d'inscription
mardi 17 octobre 2006
Statut
Membre
Dernière intervention
9 février 2016
6
>
YopMa7e0
Messages postés
156
Date d'inscription
mardi 17 octobre 2006
Statut
Membre
Dernière intervention
9 février 2016
18 oct. 2006 à 18:36
18 oct. 2006 à 18:36
Et voici le Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 18:35:55, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsrw.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSGUI\ispnews.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\PACKSE~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Mes Docs\Logiciels marchants\cleanup.exe
C:\DOCUME~1\vignes\LOCALS~1\Temp\is-5HOP5.tmp\is-MTA3F.tmp
D:\Mes Docs\Logiciels marchants\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Securite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Pack Securite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Pack Securite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - Unknown owner - C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Pack Securite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 18:35:55, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsrw.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSGUI\ispnews.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\PACKSE~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Mes Docs\Logiciels marchants\cleanup.exe
C:\DOCUME~1\vignes\LOCALS~1\Temp\is-5HOP5.tmp\is-MTA3F.tmp
D:\Mes Docs\Logiciels marchants\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Sound Agent 2\mc500cpl.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Securite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Pack Securite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Pack Securite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - Unknown owner - C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Pack Securite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
did71
Messages postés
2187
Date d'inscription
vendredi 24 mars 2006
Statut
Contributeur sécurité
Dernière intervention
30 janvier 2010
36
18 oct. 2006 à 21:18
18 oct. 2006 à 21:18
Bonsoir,
relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
comment se comporte le PC?
a+
relance hijackthis, coche les lignes citées ci dessous et fix checked (toutes fenêtres IE fermées) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
comment se comporte le PC?
a+
YopMa7e0
Messages postés
156
Date d'inscription
mardi 17 octobre 2006
Statut
Membre
Dernière intervention
9 février 2016
6
18 oct. 2006 à 21:22
18 oct. 2006 à 21:22
Perfectum merci bien ^^.
//////////Possibilitée de supprimer le Topic\\\\\\\\\\
//////////Possibilitée de supprimer le Topic\\\\\\\\\\
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
did71
Messages postés
2187
Date d'inscription
vendredi 24 mars 2006
Statut
Contributeur sécurité
Dernière intervention
30 janvier 2010
36
18 oct. 2006 à 21:27
18 oct. 2006 à 21:27
ok, content d'avoir pu t'aider!
bon surf!
a+
bon surf!
a+
