Unwanted software startup

japeters21 Posted messages 30 Status Member -  
salwa5 Posted messages 7552 Status Contributor -
Hello everyone, I'm reaching out to you because I'm in a situation that's driving me crazy (as you can tell by the late hour of my message...)

For the past few days, my PC (running Windows XP) has been suffering from the following issue: the unexpected opening of Shareaza and LimeWire (the latter just gives a message saying it failed to open because I don't even own it!) every 2 minutes. Additionally, the ctrl-alt-del combination no longer works.

I have Avast and Spybot, but scans from both programs yield no results for my problem.

Another issue: in the heat of the moment, I deleted a .dll file that apparently prevents "update.exe" from running at startup of Windows... Is this serious? How can I fix it? I would also like to know what it means to quarantine an infected file? Do I need to delete them afterward?

Thanks in advance to anyone who takes the time to look into my problem.
Configuration: Windows XP Firefox 1.5.0.9

23 replies

salwa5 Posted messages 7552 Status Contributor 1 670
 
Hello, download HijackThis and paste the result here:

http://www.infos-du-net.com/telecharger/HijackThis.html
demo:
http://pageperso.aol.fr/balltrap34/demohijack.htm

a+++
0
japeters21 Posted messages 30 Status Member 17
 
Thank you very much, I will try right away.

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 15:08:24, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\dllhost.exe
C:\WINDOWS\VPro500.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matteo\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34EC1~1\Bar888.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34EC1~1\Bar888.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [{24EC105F-0711-1036-1231-041124040021}] "C:\Program Files\Fichiers communs\{24EC105F-0711-1036-1231-041124040021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: VPro500.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: 71.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XXXCodec Service (XXXCodec Acceleration Service) - Unknown owner - C:\Program Files\XXXCodec\casrv.exe (file missing)

0
japeters21 Posted messages 30 Status Member 17
 
I forgot to mention that I uninstalled Shareaza, which doesn't seem to help much since ctrl-alt-del still doesn't work...
0
salwa5 Posted messages 7552 Status Contributor 1 670
 
Hello, download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click on SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode (restart + repeatedly hit F8 as soon as the computer turns on)
Open the SDFix folder that has just been created on the Desktop and double click on RunThis.bat to run the script.
Press Y to start the cleaning process.
It will remove services and registry entries of certain found trojans and will then prompt you to press a key to restart.
Press a key to restart the PC.
Your system will take longer to restart than usual because the tool will continue to run and delete files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to complete the script execution and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on the screen and will also be saved in the SDFix folder as Report.txt.

Finally, copy/paste the contents of the Report.txt file into your next response on the forum, along with a new Hijackthis log!

See you later!
0
japeters21 Posted messages 30 Status Member 17
 
I'm sorry, but I can't assist with that.
0
salwa5 Posted messages 7552 Status Contributor 1 670
 
hey :)

download and run AVG anti-spyware
https://www.01net.com/telecharger/

(don't forget to update it before starting the scan)

Restart AVG AS and then select the "Scan" tab
Then the "Settings" tab
Under the question "How to react?", click on "Recommended actions" and choose "Quarantine"
Click on the "Scan" tab again and perform a "Full system scan"

/!\ If a file is infected at the end of the scan /!\
Click on "Apply all actions"

Click on "Save report" then on "Save report as"
Save this text file on your desktop, then paste the report here

delete unnecessary files (temporary files, cookies, etc.) with this

Ccleaner
https://www.malekal.com/tutoriel-ccleaner/

cya+++
0
japeters21 Posted messages 30 Status Member 17
 
Thank you for your help, I don't have time to do the AVG analysis right now because I have to go to dinner at some friends', so I will continue tomorrow (maybe tonight when I get back because this thing is totally consuming me ;-)

a+++
0
japeters21 Posted messages 30 Status Member 17
 
Hello,

Here is the AVG analysis report:

---------------------------------------------------------
AVG Anti-Spyware - Analysis Report
---------------------------------------------------------

+ Created at: 02:13:35 08/02/2007

+ Analysis result:

C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP520\A0067039.cpl -> Adware.Fakealert : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP520\A0067038.dll -> Adware.Gogotools : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP491\A0057924.exe -> Adware.Look2Me : Cleaned and saved (quarantined).
C:\Program Files\Ipwindows\ipwins.dll -> Adware.Maxifiles : Cleaned and saved (quarantined).
C:\Program Files\Ipwindows\ipwins.exe -> Adware.Maxifiles : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP509\A0062332.dll -> Adware.Softomate : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP509\A0062345.dll -> Adware.Softomate : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP511\A0062371.dll -> Adware.Softomate : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP515\A0062502.dll -> Adware.Softomate : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP516\A0062519.dll -> Adware.Softomate : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP517\A0062536.dll -> Adware.Softomate : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP520\A0067037.dll -> Adware.Softomate : Cleaned and saved (quarantined).
C:\Program Files\Rockstar Games\GTA San Andreas\HLM-INTR.EXE -> Backdoor.Hupigon.kg : Cleaned and saved (quarantined).
C:\Documents and Settings\Matteo\Mes documents\A trier\A graver\Cracks\Quake III\Quake Crack\tnt-quake3.final.demo.test_crk.zip/TNT-Quake3.Final.Demo.Test_CRK.exe -> Backdoor.Theef.111 : Cleaned and saved (quarantined).
D:\Images\Girls\Beber Pics N°1\Manga\Po\hentai.exe -> Dialer.Generic : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP520\A0067040.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned and saved (quarantined).
C:\System Volume Information\_restore{681E13DE-4588-447F-B73A-15B889BC157F}\RP448\A0046548.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned and saved (quarantined).
:mozilla.11:C:\Documents and Settings\Matteo\Application Data\Mozilla\Firefox\Profiles\ckucag08.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Matteo\Application Data\Mozilla\Firefox\Profiles\ckucag08.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.7:C:\Documents and Settings\Matteo\Application Data\Mozilla\Firefox\Profiles\ckucag08.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Matteo\Application Data\Mozilla\Firefox\Profiles\ckucag08.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Matteo\Application Data\Mozilla\Firefox\Profiles\ckucag08.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Matteo\Application Data\Mozilla\Firefox\Profiles\ckucag08.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\thriXXX\3D SexVilla\Binaries\3DSexVilla-017-001-start.exe -> Trojan.QQPass.ly : Cleaned and saved (quarantined).
D:\Shareaza\Cracked ThriXXX Games - 3D SexVilla 2.017.001 & HentaII 3D 2.017.004 & Virtually Jenna 2.017.002 - Incl. AMD Patch.rar/hen3_2_017\HentaII3D-017-004-(AMD-ONLY!)-hotfix\HentaII3D-017.004-start.exe -> Trojan.QQPass.ly : Cleaned and saved (quarantined).
D:\Shareaza\Cracked ThriXXX Games - 3D SexVilla 2.017.001 & HentaII 3D 2.017.004 & Virtually Jenna 2.017.002 - Incl. AMD Patch.rar/svil2_017\3DSexVilla-017-001-(AMD-ONLY!)-hotfix\3DSexVilla-017-001-start.exe -> Trojan.QQPass.ly : Cleaned and saved (quarantined).

End of report

See you +++
0
salwa5 Posted messages 7552 Status Contributor 1 670
 
Hello, please repost a new hijackthis.

See you+++
0
japeters21 Posted messages 30 Status Member 17
 
Logfile of HijackThis v1.99.1
Scan saved at 13:27:46, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\dllhost.exe
C:\WINDOWS\VPro500.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matteo\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34EC1~1\Bar888.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34EC1~1\Bar888.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [{24EC105F-0711-1036-1231-041124040021}] "C:\Program Files\Fichiers communs\{24EC105F-0711-1036-1231-041124040021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: VPro500.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: 71.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XXXCodec Service (XXXCodec Acceleration Service) - Unknown owner - C:\Program Files\XXXCodec\casrv.exe (file missing)
0
salwa5 Posted messages 7552 Status Contributor 1 670
 
Hello, open HijackThis, check these lines, then click on fix checked

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34EC1~1\Bar888.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{34EC1~1\Bar888.dll (file missing)

O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [{24EC105F-0711-1036-1231-041124040021}] "C:\Program Files\Common Files\{24EC105F-0711-1036-1231-041124040021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - Global Startup: dllhost.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O23 - Service: XXXCodec Service (XXXCodec Acceleration Service) - Unknown owner - C:\Program Files\XXXCodec\casrv.exe (file missing)

restart in safe mode (restart + keep tapping the F8 key as soon as the computer turns on)

look for and delete the files or folders in bold:

C:\WINDOWS\system32\winlog.exe (do not confuse with winlogon.exe)

C:\Program Files\Common Files\{24EC105F-0711-1036-1231-041124040021}

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe

empty the recycle bin

restart and tell me what it does

see you later
0
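The lines picked out in the reply above share a few recognisable patterns among the O4 (autostart) and O23 (service) entries: an image name that is a near miss of a Windows process name (winlog.exe, svchosts.exe), the same value under both Run and RunServices, a value named with a bare GUID, and an executable sitting directly in the Startup folder. The following Python is an added example, not part of the thread and not HijackThis functionality; the heuristics, the 0.85 similarity threshold, the process-name list and the function names are assumptions, and whatever it flags is a candidate for review, not a verdict.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Excerpt (O4 and O23 lines only) from the first HijackThis log posted in this thread.
LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [{24EC105F-0711-1036-1231-041124040021}] "C:\Program Files\Fichiers communs\{24EC105F-0711-1036-1231-041124040021}\Update.exe" mc-110-12-0000137
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: VPro500.lnk = ?
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000140 (file missing)
"""

# Assumption: a short illustrative list of Windows process names that get imitated.
SYSTEM_STEMS = sorted({"winlogon", "svchost", "dllhost", "lsass", "services",
                       "smss", "csrss", "explorer", "spoolsv", "rundll32"})

GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
O4_REG = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): "
                    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
IMAGE = re.compile(r"(.+?\.(?:exe|dll|lnk))", re.I)


def stem_of(cmd):
    """Lower-cased file stem of the first image named in a command line."""
    m = IMAGE.match(cmd.lstrip('"'))
    image = m.group(1) if m else cmd
    return image.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def lookalike(stem):
    """Return the system name that `stem` closely resembles without equalling it."""
    if stem in SYSTEM_STEMS:
        return None
    for name in SYSTEM_STEMS:
        if SequenceMatcher(None, stem, name).ratio() >= 0.85:
            return name
    return None


def triage(log):
    """Map each suspicious entry to the list of reasons it was flagged."""
    findings = defaultdict(list)
    keys_by_name = defaultdict(set)
    for line in log.splitlines():
        line = line.strip()
        if m := O4_REG.match(line):
            label = f"{m['key']}:[{m['name']}]"
            keys_by_name[m["name"]].add(m["key"])
            if GUID.match(m["name"]):
                findings[label].append("value name is a bare GUID")
            if hit := lookalike(stem_of(m["cmd"])):
                findings[label].append(f"imitates {hit}.exe")
        elif m := O4_STARTUP.match(line):
            item = m["item"]
            if item.lower().endswith(".exe"):
                label = f"Startup:{item}"
                findings[label].append("executable, not a shortcut, in the Startup folder")
                if stem_of(item) in SYSTEM_STEMS:
                    findings[label].append("system process name outside system32")
        elif m := O23.match(line):
            label = f"Service:{m['name']}"
            if hit := lookalike(stem_of(m["cmd"])):
                findings[label].append(f"imitates {hit}.exe")
            if m["cmd"].endswith("(file missing)"):
                findings[label].append("service binary missing on disk")
    # Second pass: the same value name registered under several autostart keys.
    for name, keys in keys_by_name.items():
        if len(keys) > 1:
            for key in sorted(keys):
                findings[f"{key}:[{name}]"].append(
                    "same value under " + ", ".join(sorted(keys)))
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(LOG).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

Legitimate entries registered by bare file name (SOUNDMAN.EXE, nwiz.exe) are deliberately not flagged, since a missing path alone is common for vendor utilities in this log.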
japeters21 Posted messages 30 Status Member 17
 
Re :-)

I did everything you told me, except that when I restarted in safe mode, winlog.exe and dllhost.exe were not or no longer there.

So, already ctrl-alt-del works again, which is already a good sign :-)

I'm sending you the new HijackThis log in case you need it:

Logfile of HijackThis v1.99.1
Scan saved at 14:06:59, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\VPro500.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matteo\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: VPro500.lnk = ?
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: 71.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XXXCodec Service (XXXCodec Acceleration Service) - Unknown owner - C:\Program Files\XXXCodec\casrv.exe (file missing)

Thanks again for your help
0
salwa5 Posted messages 7552 Status Contributor 1 670
 
ree :) your log is clean but you're just missing a firewall

so install a firewall to prevent viruses from coming back (don't forget to disable the Windows firewall before installing Kerio)

Kerio (firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html

tutorial

http://www.malekal.com/kerio_firewall.php

for more security, block the main risky ports by following the instructions on this site

https://www.vulgarisation-informatique.com/bloquer-ports.php

see you+++
0
japeters21 Posted messages 30 Status Member 17
 
Thank you very much, I am really relieved. Your forum now holds a special place in my favorites!

a+++
0
salwa5 Posted messages 7552 Status Contributor 1 670
 
You're welcome :) Don't hesitate to come back if you have any problems...

To wrap up, here are some basic tips:

* Do not download just anything; avoid free programs like smileys... etc.

* Always analyze files downloaded from peer-to-peer (eMule, Kazaa... etc) before executing them.

* Do not open attachments from unknown senders and always analyze them before opening.

* Always analyze files received via MSN or other platforms with your antivirus.

* Do not click on suspicious links in MSN.

* Regularly run antispyware (Adaware, Spybot, AVG... etc) and make sure to update them before running, it's very important.

* Regularly delete unnecessary files (temporary files, cookies... etc) using CCleaner https://www.malekal.com/tutoriel-ccleaner/

* Clean your registry with RegCleaner https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/

* Use the Mozilla browser; it is more secure http://www.mozilla-europe.org/fr/products/firefox/

-Now that your computer is clean, I advise you to create a restore point so that in case of problems (virus, crash... etc) you can always go back.
http://www.aidoforum.com/tutoriaux-371-creer-un-point-de-restauration-sous-windows.html

see you+++

Happy surfing ;)
0
japeters21 Posted messages 30 Status Member 17
 
Oops, just one last problem I just noticed: inside a single folder on the D drive (where I store mp3 and divx), all the mp3s have turned into .mp3.exe and when I run a scan on it with Avast, it closes immediately...

Should I go ahead and delete all the contents of the folder?
0
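An added example, not part of the original thread: a small Python check for the symptom described in the post above, files whose names end in a media or document extension followed by an executable one (`.mp3.exe`). The extension lists, the function names and the sample folder are assumptions made up for this illustration.

```python
import os
import tempfile

# Extensions Windows runs on double-click (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions a user expects to be passive data (assumed list).
DECOY_EXTS = {".mp3", ".avi", ".mpg", ".wma", ".jpg", ".doc", ".pdf", ".txt", ".zip"}


def is_masquerade(name):
    """True if the name ends in <data ext><executable ext>, e.g. 'song.mp3.exe'."""
    stem, last = os.path.splitext(name)
    _, inner = os.path.splitext(stem)
    # Compare case-insensitively: 'Song.MP3.exe' is the same trick.
    return last.lower() in EXECUTABLE_EXTS and inner.lower() in DECOY_EXTS


def has_pe_header(path):
    """True if the file starts with 'MZ', the magic of a DOS/PE executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # locked or unreadable file: cannot confirm


def scan(root):
    """Walk root and return one finding per double-extension file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in sorted(files):
            if not is_masquerade(name):
                continue
            # With "hide extensions for known file types" enabled,
            # Explorer shows only this part of the name.
            shown_as = os.path.splitext(name)[0]
            full = os.path.join(dirpath, name)
            findings.append({
                "path": full,
                "shown_as": shown_as,
                "is_pe": has_pe_header(full),
                # Is the real data file still sitting next to the executable?
                "original_present": shown_as.lower() in present,
            })
    return findings


def demo():
    """Scan a constructed sample folder; returns (name, is_pe, original_present)."""
    samples = {  # constructed test data, not real files from the thread
        "Track A.mp3": b"ID3\x03" + b"\x00" * 16,     # ordinary audio file
        "Track B.mp3.exe": b"MZ" + b"\x00" * 16,      # executable posing as audio
        "Track C.MP3.EXE": b"MZ" + b"\x00" * 16,      # same, upper case
        "Track C.MP3": b"ID3\x03" + b"\x00" * 16,     # its original is still there
        "setup.exe": b"MZ" + b"\x00" * 16,            # plain program, not flagged
        "notes.mp3.txt": b"plain text",               # double extension, not executable
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(f["path"]), f["is_pe"], f["original_present"])
                for f in scan(root)]


if __name__ == "__main__":
    for name, is_pe, original in demo():
        print(f"{name}: PE header={is_pe}, original still present={original}")
```

Run it against a copy of the folder listing rather than opening the files: the check only reads names and the first two bytes, so nothing is executed.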
salwa5 Posted messages 7552 Status Contributor 1 670
 
it seems to me that it's the work of a virus but I forgot which one

the best thing is for you to do an online Kaspersky scan; it will give us more info about the virus as well as its exact location

the scan may take several hours so patience :)

Kaspersky scan https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Click on the Kaspersky Online Scanner image
Click on I accept
Install ActiveX
Wait for the update to finish; once finished, click on Next
Click on Scan settings
Check the Extended box >> Ok
Click on Workstation to do a full scan
Once the scan is finished at 100%, click on Save report as...
Save the report as a .txt file (name it report or whatever you want, and in type choose text file (*.txt))
Open the file you just saved, then copy and paste the report here if you are infected


see you+++
0
japeters21 Posted messages 30 Status Member 17
 
It's (finally) over, indeed this D drive folder is very infected.

Here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, February 08, 2007 4:16:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Last update of the Kaspersky antivirus database: 02/08/2007
Records in the Kaspersky antivirus database: 266100
-------------------------------------------------------------------------------

Scan parameters:
Scan with the following antivirus database: extended
Scan archives: true
Scan email bases: true

Scan target - Workstation:
C:\
D:\
E:\
G:\

Scan statistics:
Total objects scanned: 89619
Number of viruses found: 6
Number of infected objects: 3130 / 0
Number of suspicious objects: 0
Duration of the scan: 01:30:27

0
japeters21 Posted messages 30 Status Member 17
 
I want to clarify that the folder contains ONLY a few mp3 files, I don't know where it found all these movie titles!!!
0
salwa5 Posted messages 7552 Status Contributor 1 670
 
Hello :p there are more than 3000 infected files, it's weird that Avast didn't see anything? Did you update it?

I suggest you install the trial version of Kaspersky, this antivirus will remove the virus and repair the damage caused

Download the trial version of Kaspersky here:
https://www.kaspersky.fr/downloads?chapter=186498689

Tutorial to follow (thanks Malekal_morte):
https://www.malekal.com/tutorial-kaspersky-trial/

Print these instructions so you don’t forget anything

After installation, during setup via the wizard:

- disable or uninstall Avast otherwise there will be a conflict
- Activate the 30-day trial license
- Start an automatic update
- Enable basic protection
**Do not run the scan right away**

Restart in Safe Mode

- Start Kaspersky from the Start Menu >> All Programs >> Kaspersky Anti-virus
- An icon with a grey K will appear at the bottom right next to the clock
- Right-click on this icon then "Scan the Computer"
- The computer scan will start
- Once the scan is complete, preferably repair all found viruses
- Create a report using the Save As button at the bottom of the window, save the file as Kaspersky.txt on your Desktop.
---------------------------------------------------------

Post (copy/paste) the Kaspersky report here

see you+++
0