about blank m empeche d aller sur myspaceRésolu/Fermé

Question

Bonjour à tous
about blank m empeche d aller sur myspace
se site n'est plus accessible chez moi et je ne sai pas pour quoi 
www.myspace.com , dans la bar de recherche s'ecrit a la place about : blank

j'ai instaler HijackThis
mais je ne sais pas se qu il faut suprimer 
voici le rapor
un tres tres grand merci à tout ceux qui me réponderont





Logfile of HijackThis v1.99.1
Scan saved at 11:19:57, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\YANNIS~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Yannis Le roi\Bureau\HijackThis.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\YANNIS~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [j9241838] rundll32 C:\WINDOWS\system32\j9241838.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\axxxljyv.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

ben69 · Answer

et si dans la barre d'adresse tu tape https://myspace.com/ à la place de outblanc, il se passe quoi???

cooldogg · Answer

sa charge et rien ne se passe et sa me met 



Délai d'attente dépassé
 Le serveur à l'adresse www.myspace.com met trop de temps à répondre.

        


        
        


    *   Le site est peut-être temporairement indisponible ou surchargé. Réessayez plus
          tard ;

    *   Si vous n'arrivez à naviguer sur aucun site, vérifiez la connexion
          au réseau de votre ordinateur ;

    *   Si votre ordinateur ou votre réseau est protégé par un pare-feu ou un proxy,
          assurez-vous que Firefox a l'autorisation d'accéder au Web.




      


ou sinon j ai une page blanche qui s affiche avec mon adresse qui c'est changé en about : blank

Nilou17 · Answer

Salut ! :-)

Il n'y a pas qu'about:blank dans ton PC. :-S

Je te propose un nettoyage des bestioles qu'il y'a ton PC, ça marche ? :-D

Si oui, suis la méthode préliminaire de désinfection.
Copie/colle les rapports dans ta prochaine réponse !!!

Je te donnerai d'autres manips à effectuer (si besoin est).

A+

** Nils **

cooldogg · Answer

lol merci de me rassurer ^^
je vais bientôt terminer normalment

cooldogg · Answer

mon probleme persiste
voici 

Logfile of HijackThis v1.99.1
Scan saved at 16:00:25, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\vssms32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yannis Le roi\Bureau\HijackThis.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\YANNIS~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [j9241838] rundll32 C:\WINDOWS\system32\j9241838.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\axxxljyv.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Brandon · Answer

est-tu en réseau cher toi? as tu acces a d'autres pages internet?

cooldogg · Answer

le seul site qui m'est reffusé est myspace
tous les autres fonctionne sinon
"est-tu en réseau cher toi" sa j'ai pas compris

cooldogg · Answer

j'ai Internet Explorer et  Mozilla Firefox
mais j'utilise que Mozilla Firefox
mais sa me met about blank avec les 2 quand j essay d aller sur myspace

Nilou17 · Answer

Re. :-)

On va commencer par ceci :

* Télécharge VundoFix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 

* Double-clique VundoFix.exe afin de le lancer. 
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo 
* Clique sur le bouton Scan for Vundo. 
* Lorsque le scan est complété, clique sur le bouton Remove Vundo 
* Une invite te demandera si tu veux supprimer les fichiers, clique sur YES 
* Après avoir cliqué sur YES, le Bureau disparaîtra un moment lors de la suppression des fichiers. 
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"). Clique sur OK. 
* Démarre ton PC à nouveau. 
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse. 

Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. 
Si tel est le cas, l'outil se lancera au prochain redémarrage.
Il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo". 


Surtout, n'hésite pas si tu as un problème dans la manip' ! ;-)

A+

** Nils **

cooldogg · Answer

merci  pour ton aide
le probleme n'est tjs pas réglé



VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 12:43:21 16/06/2007

Listing files found while scanning....

C:\windows\system32\aaebjysw.dll
C:\windows\system32\abensduw.dll
C:\windows\system32\aidcpfgo.dll
C:\windows\system32\axsgpsts.ini
C:\windows\system32\aynbqbpc.dll
C:\windows\system32\ayxmimws.ini
C:\windows\system32\bfsqvrke.dll
C:\windows\system32\bhwktkqd.ini
C:\windows\system32\bigriayi.ini
C:\windows\system32\biwbywou.dll
C:\windows\system32\bmcdrwpq.dll
C:\windows\system32\brxbrcrg.dll
C:\windows\system32\clteqdad.dll
C:\windows\system32\cmcbruwv.dll
C:\windows\system32\cnmthqoh.dll
C:\windows\system32\codpimjp.ini
C:\windows\system32\cpycjhie.dll
C:\windows\system32\ddeeg.bak1
C:\windows\system32\ddeeg.bak2
C:\windows\system32\ddeeg.ini
C:\windows\system32\ddeeg.ini2
C:\windows\system32\ddeeg.tmp
C:\windows\system32\diphqihu.exe
C:\WINDOWS\system32\diwmiwtt.dll
C:\windows\system32\dnsvrhhl.dll
C:\windows\system32\dqktkwhb.dll
C:\windows\system32\dviieiyh.dll
C:\windows\system32\eanrcpbk.dll
C:\windows\system32\eppbhcuu.dll
C:\windows\system32\eutdxbyv.dll
C:\windows\system32\exvbddnj.exe
C:\windows\system32\fhlfkelh.dll
C:\windows\system32\fibmcomu.dll
C:\windows\system32\fisnlyvx.dll
C:\windows\system32\fmfnqfxb.dll
C:\windows\system32\fqdomowv.dll
C:\windows\system32\fsjmpgag.dll
C:\windows\system32\fwhcbedn.dll
C:\WINDOWS\system32\gebyvvt.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geedd.dll
C:\windows\system32\ghxajtmc.dll
C:\windows\system32\gkdwanbt.dll
C:\windows\system32\gkqwvbaw.dll
C:\windows\system32\glbfbkxv.dll
C:\windows\system32\gsyikorg.dll
C:\windows\system32\hhexlnjv.ini
C:\windows\system32\hjfjggvn.dll
C:\windows\system32\hmxdhygm.dll
C:\windows\system32\hstemfvm.ini
C:\WINDOWS\system32\hvrcibrc.dll
C:\windows\system32\hyieiivd.ini
C:\windows\system32\ifxujahp.dll
C:\windows\system32\iokwjagb.dll
C:\windows\system32\iucwtmyl.dll
C:\windows\system32\ivrvsipt.dll
C:\windows\system32\iyairgib.dll
C:\windows\system32\javfaoum.dll
C:\WINDOWS\system32\jdlvlvhc.dll
C:\windows\system32\jibcxnfk.dll
C:\windows\system32\jjmidiqs.dll
C:\windows\system32\jmfhjsje.dll
C:\windows\system32\jokfphdm.ini
C:\windows\system32\kdplbtcs.dll
C:\windows\system32\kfmwoyvt.dll
C:\windows\system32\kfnxcbij.ini
C:\windows\system32\kpmmxftr.exe
C:\windows\system32\kuvjbbyf.dll
C:\windows\system32\kwpkqogy.dll
C:\windows\system32\laabbvph.exe
C:\windows\system32\lfeehtyg.dll
C:\windows\system32\lffnxdoo.dll
C:\windows\system32\lntginno.dll
C:\windows\system32\mbaesfrx.dll
C:\windows\system32\mdhpfkoj.dll
C:\windows\system32\mfchyfpn.dll
C:\windows\system32\mrhkfkhs.dll
C:\windows\system32\mvfmetsh.dll
C:\windows\system32
agciowq.dll
C:\windows\system32
avihodo.ini
C:\windows\system32
ijvbdno.ini
C:\windows\system32
kitbbwd.dll
C:\windows\system32
qceuxkv.dll
C:\windows\system32\odohivan.dll
C:\windows\system32\oenmpmap.dll
C:\windows\system32\ogfpcdia.ini
C:\windows\system32\ondbvjin.dll
C:\windows\system32\oyavxqwm.dll
C:\WINDOWS\system32\pdodhtos.dll
C:\windows\system32\phajuxfi.ini
C:\windows\system32\pjmipdoc.dll
C:\windows\system32\pohbfmht.ini
C:\windows\system32\pqtss.ini
C:\windows\system32\putrnkgd.dll
C:\windows\system32\pxwelbsu.exe
C:\windows\system32\qfwwyodw.dll
C:\windows\system32\qhoebvli.exe
C:\windows\system32\qleaompo.dll
C:\windows\system32\qmpfchsu.dll
C:\windows\system32\qojipsha.dll
C:\windows\system32\qpvuvpay.dll
C:\windows\system32\qpwrdcmb.ini
C:\windows\system32\qtcumyjk.dll
C:\windows\system32\quygxynd.dll
C:\windows\system32dfxarus.dll
C:\windows\system32gwlvugt.exe
C:\windows\system32kdlsjix.dll
C:\windows\system32puxwtlf.exe
C:\windows\system32\sajlxlou.dll
C:\windows\system32\savouaiw.dll
C:\windows\system32\sctblpdk.ini
C:\windows\system32\sfwbkhkc.dll
C:\windows\system32\shkfkhrm.ini
C:\windows\system32\spsuqwys.dll
C:\windows\system32\sqidimjj.ini
C:\windows\system32\srvhjfis.dll
C:\windows\system32\sstqp.dll
C:\windows\system32\stspgsxa.dll
C:\windows\system32\swmimxya.dll
C:\windows\system32\sxhneuxi.exe
C:\windows\system32	aixtdsr.dll
C:\windows\system32	hmfbhop.dll
C:\windows\system32	ixthpvd.dll
C:\windows\system32	mdyjnwn.dll
C:\windows\system32	nnxkvif.dll
C:\windows\system32	uxlrrtw.dll
C:\windows\system32\ujccivfb.exe
C:\windows\system32\umocmbif.ini
C:\windows\system32\vjnlxehh.dll
C:\windows\system32\vqhttjjw.dll
C:\windows\system32\vsatcidu.dll
C:\windows\system32\vwomodqf.ini
C:\windows\system32\vwrgxncu.dll
C:\windows\system32\vwurbcmc.ini
C:\windows\system32\vyrwjxbt.dll
C:\windows\system32\wdoywwfq.ini
C:\windows\system32\wjjtthqv.ini
C:\windows\system32\wtumunrj.exe
C:\windows\system32\wudsneba.ini
C:\windows\system32\xbeeg.bak1
C:\windows\system32\xbeeg.bak2
C:\windows\system32\xbeeg.ini
C:\windows\system32\xcpwxqet.dll
C:\windows\system32\xjyjmery.ini
C:\windows\system32\xkcdjprm.exe
C:\windows\system32\xkqecfam.dll
C:\windows\system32\xmyxbipe.exe
C:\windows\system32\xvylnsif.ini
C:\windows\system32\yajjhfhk.exe
C:\windows\system32\yapvuvpq.ini
C:\windows\system32\yauehpiv.dll
C:\windows\system32\yinagmbi.dll
C:\windows\system32\yjgpbvtb.dll
C:\windows\system32\ymwktobn.exe
C:\windows\system32\yremjyjx.dll
C:\windows\system32\yuifuxca.dll
C:\windows\system32\yuxmbhpd.dll
C:\WINDOWS\system32\yxrgvcdy.dll

Beginning removal...

 Attempting to delete C:\windows\system32\aaebjysw.dll
C:\windows\system32\aaebjysw.dll Has been deleted!

 Attempting to delete C:\windows\system32\abensduw.dll
C:\windows\system32\abensduw.dll Has been deleted!

 Attempting to delete C:\windows\system32\aidcpfgo.dll
C:\windows\system32\aidcpfgo.dll Has been deleted!

 Attempting to delete C:\windows\system32\axsgpsts.ini
C:\windows\system32\axsgpsts.ini Has been deleted!

 Attempting to delete C:\windows\system32\aynbqbpc.dll
C:\windows\system32\aynbqbpc.dll Has been deleted!

 Attempting to delete C:\windows\system32\ayxmimws.ini
C:\windows\system32\ayxmimws.ini Has been deleted!

 Attempting to delete C:\windows\system32\bfsqvrke.dll
C:\windows\system32\bfsqvrke.dll Has been deleted!

 Attempting to delete C:\windows\system32\bhwktkqd.ini
C:\windows\system32\bhwktkqd.ini Has been deleted!

 Attempting to delete C:\windows\system32\bigriayi.ini
C:\windows\system32\bigriayi.ini Has been deleted!

 Attempting to delete C:\windows\system32\biwbywou.dll
C:\windows\system32\biwbywou.dll Has been deleted!

 Attempting to delete C:\windows\system32\bmcdrwpq.dll
C:\windows\system32\bmcdrwpq.dll Has been deleted!

 Attempting to delete C:\windows\system32\brxbrcrg.dll
C:\windows\system32\brxbrcrg.dll Has been deleted!

 Attempting to delete C:\windows\system32\clteqdad.dll
C:\windows\system32\clteqdad.dll Has been deleted!

 Attempting to delete C:\windows\system32\cmcbruwv.dll
C:\windows\system32\cmcbruwv.dll Has been deleted!

 Attempting to delete C:\windows\system32\cnmthqoh.dll
C:\windows\system32\cnmthqoh.dll Has been deleted!

 Attempting to delete C:\windows\system32\codpimjp.ini
C:\windows\system32\codpimjp.ini Has been deleted!

 Attempting to delete C:\windows\system32\cpycjhie.dll
C:\windows\system32\cpycjhie.dll Has been deleted!

 Attempting to delete C:\windows\system32\ddeeg.bak1
C:\windows\system32\ddeeg.bak1 Has been deleted!

 Attempting to delete C:\windows\system32\ddeeg.bak2
C:\windows\system32\ddeeg.bak2 Has been deleted!

 Attempting to delete C:\windows\system32\ddeeg.ini
C:\windows\system32\ddeeg.ini Has been deleted!

 Attempting to delete C:\windows\system32\ddeeg.ini2
C:\windows\system32\ddeeg.ini2 Has been deleted!

 Attempting to delete C:\windows\system32\ddeeg.tmp
C:\windows\system32\ddeeg.tmp Has been deleted!

 Attempting to delete C:\windows\system32\diphqihu.exe
C:\windows\system32\diphqihu.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\diwmiwtt.dll
C:\WINDOWS\system32\diwmiwtt.dll Has been deleted!

 Attempting to delete C:\windows\system32\dnsvrhhl.dll
C:\windows\system32\dnsvrhhl.dll Has been deleted!

 Attempting to delete C:\windows\system32\dqktkwhb.dll
C:\windows\system32\dqktkwhb.dll Has been deleted!

 Attempting to delete C:\windows\system32\dviieiyh.dll
C:\windows\system32\dviieiyh.dll Has been deleted!

 Attempting to delete C:\windows\system32\eanrcpbk.dll
C:\windows\system32\eanrcpbk.dll Has been deleted!

 Attempting to delete C:\windows\system32\eppbhcuu.dll
C:\windows\system32\eppbhcuu.dll Has been deleted!

 Attempting to delete C:\windows\system32\eutdxbyv.dll
C:\windows\system32\eutdxbyv.dll Has been deleted!

 Attempting to delete C:\windows\system32\exvbddnj.exe
C:\windows\system32\exvbddnj.exe Has been deleted!

 Attempting to delete C:\windows\system32\fhlfkelh.dll
C:\windows\system32\fhlfkelh.dll Has been deleted!

 Attempting to delete C:\windows\system32\fibmcomu.dll
C:\windows\system32\fibmcomu.dll Has been deleted!

 Attempting to delete C:\windows\system32\fisnlyvx.dll
C:\windows\system32\fisnlyvx.dll Has been deleted!

 Attempting to delete C:\windows\system32\fmfnqfxb.dll
C:\windows\system32\fmfnqfxb.dll Has been deleted!

 Attempting to delete C:\windows\system32\fqdomowv.dll
C:\windows\system32\fqdomowv.dll Has been deleted!

 Attempting to delete C:\windows\system32\fsjmpgag.dll
C:\windows\system32\fsjmpgag.dll Has been deleted!

 Attempting to delete C:\windows\system32\fwhcbedn.dll
C:\windows\system32\fwhcbedn.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gebyvvt.dll
C:\WINDOWS\system32\gebyvvt.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\geedd.dll Has been deleted!

 Attempting to delete C:\windows\system32\ghxajtmc.dll
C:\windows\system32\ghxajtmc.dll Has been deleted!

 Attempting to delete C:\windows\system32\gkdwanbt.dll
C:\windows\system32\gkdwanbt.dll Has been deleted!

 Attempting to delete C:\windows\system32\gkqwvbaw.dll
C:\windows\system32\gkqwvbaw.dll Has been deleted!

 Attempting to delete C:\windows\system32\glbfbkxv.dll
C:\windows\system32\glbfbkxv.dll Has been deleted!

 Attempting to delete C:\windows\system32\gsyikorg.dll
C:\windows\system32\gsyikorg.dll Has been deleted!

 Attempting to delete C:\windows\system32\hhexlnjv.ini
C:\windows\system32\hhexlnjv.ini Has been deleted!

 Attempting to delete C:\windows\system32\hjfjggvn.dll
C:\windows\system32\hjfjggvn.dll Has been deleted!

 Attempting to delete C:\windows\system32\hmxdhygm.dll
C:\windows\system32\hmxdhygm.dll Has been deleted!

 Attempting to delete C:\windows\system32\hstemfvm.ini
C:\windows\system32\hstemfvm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hvrcibrc.dll
C:\WINDOWS\system32\hvrcibrc.dll Has been deleted!

 Attempting to delete C:\windows\system32\hyieiivd.ini
C:\windows\system32\hyieiivd.ini Has been deleted!

 Attempting to delete C:\windows\system32\ifxujahp.dll
C:\windows\system32\ifxujahp.dll Has been deleted!

 Attempting to delete C:\windows\system32\iokwjagb.dll
C:\windows\system32\iokwjagb.dll Has been deleted!

 Attempting to delete C:\windows\system32\iucwtmyl.dll
C:\windows\system32\iucwtmyl.dll Has been deleted!

 Attempting to delete C:\windows\system32\ivrvsipt.dll
C:\windows\system32\ivrvsipt.dll Has been deleted!

 Attempting to delete C:\windows\system32\iyairgib.dll
C:\windows\system32\iyairgib.dll Has been deleted!

 Attempting to delete C:\windows\system32\javfaoum.dll
C:\windows\system32\javfaoum.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jdlvlvhc.dll
C:\WINDOWS\system32\jdlvlvhc.dll Has been deleted!

 Attempting to delete C:\windows\system32\jibcxnfk.dll
C:\windows\system32\jibcxnfk.dll Has been deleted!

 Attempting to delete C:\windows\system32\jjmidiqs.dll
C:\windows\system32\jjmidiqs.dll Has been deleted!

 Attempting to delete C:\windows\system32\jmfhjsje.dll
C:\windows\system32\jmfhjsje.dll Has been deleted!

 Attempting to delete C:\windows\system32\jokfphdm.ini
C:\windows\system32\jokfphdm.ini Has been deleted!

 Attempting to delete C:\windows\system32\kdplbtcs.dll
C:\windows\system32\kdplbtcs.dll Has been deleted!

 Attempting to delete C:\windows\system32\kfmwoyvt.dll
C:\windows\system32\kfmwoyvt.dll Has been deleted!

 Attempting to delete C:\windows\system32\kfnxcbij.ini
C:\windows\system32\kfnxcbij.ini Has been deleted!

 Attempting to delete C:\windows\system32\kpmmxftr.exe
C:\windows\system32\kpmmxftr.exe Has been deleted!

 Attempting to delete C:\windows\system32\kuvjbbyf.dll
C:\windows\system32\kuvjbbyf.dll Has been deleted!

 Attempting to delete C:\windows\system32\kwpkqogy.dll
C:\windows\system32\kwpkqogy.dll Has been deleted!

 Attempting to delete C:\windows\system32\laabbvph.exe
C:\windows\system32\laabbvph.exe Has been deleted!

 Attempting to delete C:\windows\system32\lfeehtyg.dll
C:\windows\system32\lfeehtyg.dll Has been deleted!

 Attempting to delete C:\windows\system32\lffnxdoo.dll
C:\windows\system32\lffnxdoo.dll Has been deleted!

 Attempting to delete C:\windows\system32\lntginno.dll
C:\windows\system32\lntginno.dll Has been deleted!

 Attempting to delete C:\windows\system32\mbaesfrx.dll
C:\windows\system32\mbaesfrx.dll Has been deleted!

 Attempting to delete C:\windows\system32\mdhpfkoj.dll
C:\windows\system32\mdhpfkoj.dll Has been deleted!

 Attempting to delete C:\windows\system32\mfchyfpn.dll
C:\windows\system32\mfchyfpn.dll Has been deleted!

 Attempting to delete C:\windows\system32\mrhkfkhs.dll
C:\windows\system32\mrhkfkhs.dll Has been deleted!

 Attempting to delete C:\windows\system32\mvfmetsh.dll
C:\windows\system32\mvfmetsh.dll Has been deleted!

 Attempting to delete C:\windows\system32
agciowq.dll
C:\windows\system32
agciowq.dll Has been deleted!

 Attempting to delete C:\windows\system32
avihodo.ini
C:\windows\system32
avihodo.ini Has been deleted!

 Attempting to delete C:\windows\system32
ijvbdno.ini
C:\windows\system32
ijvbdno.ini Has been deleted!

 Attempting to delete C:\windows\system32
kitbbwd.dll
C:\windows\system32
kitbbwd.dll Has been deleted!

 Attempting to delete C:\windows\system32
qceuxkv.dll
C:\windows\system32
qceuxkv.dll Has been deleted!

 Attempting to delete C:\windows\system32\odohivan.dll
C:\windows\system32\odohivan.dll Has been deleted!

 Attempting to delete C:\windows\system32\oenmpmap.dll
C:\windows\system32\oenmpmap.dll Has been deleted!

 Attempting to delete C:\windows\system32\ogfpcdia.ini
C:\windows\system32\ogfpcdia.ini Has been deleted!

 Attempting to delete C:\windows\system32\ondbvjin.dll
C:\windows\system32\ondbvjin.dll Has been deleted!

 Attempting to delete C:\windows\system32\oyavxqwm.dll
C:\windows\system32\oyavxqwm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pdodhtos.dll
C:\WINDOWS\system32\pdodhtos.dll Has been deleted!

 Attempting to delete C:\windows\system32\phajuxfi.ini
C:\windows\system32\phajuxfi.ini Has been deleted!

 Attempting to delete C:\windows\system32\pjmipdoc.dll
C:\windows\system32\pjmipdoc.dll Has been deleted!

 Attempting to delete C:\windows\system32\pohbfmht.ini
C:\windows\system32\pohbfmht.ini Has been deleted!

 Attempting to delete C:\windows\system32\pqtss.ini
C:\windows\system32\pqtss.ini Has been deleted!

 Attempting to delete C:\windows\system32\putrnkgd.dll
C:\windows\system32\putrnkgd.dll Has been deleted!

 Attempting to delete C:\windows\system32\pxwelbsu.exe
C:\windows\system32\pxwelbsu.exe Has been deleted!

 Attempting to delete C:\windows\system32\qfwwyodw.dll
C:\windows\system32\qfwwyodw.dll Has been deleted!

 Attempting to delete C:\windows\system32\qhoebvli.exe
C:\windows\system32\qhoebvli.exe Has been deleted!

 Attempting to delete C:\windows\system32\qleaompo.dll
C:\windows\system32\qleaompo.dll Has been deleted!

 Attempting to delete C:\windows\system32\qmpfchsu.dll
C:\windows\system32\qmpfchsu.dll Has been deleted!

 Attempting to delete C:\windows\system32\qojipsha.dll
C:\windows\system32\qojipsha.dll Has been deleted!

 Attempting to delete C:\windows\system32\qpvuvpay.dll
C:\windows\system32\qpvuvpay.dll Has been deleted!

 Attempting to delete C:\windows\system32\qpwrdcmb.ini
C:\windows\system32\qpwrdcmb.ini Has been deleted!

 Attempting to delete C:\windows\system32\qtcumyjk.dll
C:\windows\system32\qtcumyjk.dll Has been deleted!

 Attempting to delete C:\windows\system32\quygxynd.dll
C:\windows\system32\quygxynd.dll Has been deleted!

 Attempting to delete C:\windows\system32dfxarus.dll
C:\windows\system32dfxarus.dll Has been deleted!

 Attempting to delete C:\windows\system32gwlvugt.exe
C:\windows\system32gwlvugt.exe Has been deleted!

 Attempting to delete C:\windows\system32kdlsjix.dll
C:\windows\system32kdlsjix.dll Has been deleted!

 Attempting to delete C:\windows\system32puxwtlf.exe
C:\windows\system32puxwtlf.exe Has been deleted!

 Attempting to delete C:\windows\system32\sajlxlou.dll
C:\windows\system32\sajlxlou.dll Has been deleted!

 Attempting to delete C:\windows\system32\savouaiw.dll
C:\windows\system32\savouaiw.dll Has been deleted!

 Attempting to delete C:\windows\system32\sctblpdk.ini
C:\windows\system32\sctblpdk.ini Has been deleted!

 Attempting to delete C:\windows\system32\sfwbkhkc.dll
C:\windows\system32\sfwbkhkc.dll Has been deleted!

 Attempting to delete C:\windows\system32\shkfkhrm.ini
C:\windows\system32\shkfkhrm.ini Has been deleted!

 Attempting to delete C:\windows\system32\spsuqwys.dll
C:\windows\system32\spsuqwys.dll Has been deleted!

 Attempting to delete C:\windows\system32\sqidimjj.ini
C:\windows\system32\sqidimjj.ini Has been deleted!

 Attempting to delete C:\windows\system32\srvhjfis.dll
C:\windows\system32\srvhjfis.dll Has been deleted!

 Attempting to delete C:\windows\system32\sstqp.dll
C:\windows\system32\sstqp.dll Has been deleted!

 Attempting to delete C:\windows\system32\stspgsxa.dll
C:\windows\system32\stspgsxa.dll Has been deleted!

 Attempting to delete C:\windows\system32\swmimxya.dll
C:\windows\system32\swmimxya.dll Has been deleted!

 Attempting to delete C:\windows\system32\sxhneuxi.exe
C:\windows\system32\sxhneuxi.exe Has been deleted!

 Attempting to delete C:\windows\system32	aixtdsr.dll
C:\windows\system32	aixtdsr.dll Has been deleted!

 Attempting to delete C:\windows\system32	hmfbhop.dll
C:\windows\system32	hmfbhop.dll Has been deleted!

 Attempting to delete C:\windows\system32	ixthpvd.dll
C:\windows\system32	ixthpvd.dll Has been deleted!

 Attempting to delete C:\windows\system32	mdyjnwn.dll
C:\windows\system32	mdyjnwn.dll Has been deleted!

 Attempting to delete C:\windows\system32	nnxkvif.dll
C:\windows\system32	nnxkvif.dll Has been deleted!

 Attempting to delete C:\windows\system32	uxlrrtw.dll
C:\windows\system32	uxlrrtw.dll Has been deleted!

 Attempting to delete C:\windows\system32\ujccivfb.exe
C:\windows\system32\ujccivfb.exe Has been deleted!

 Attempting to delete C:\windows\system32\umocmbif.ini
C:\windows\system32\umocmbif.ini Has been deleted!

 Attempting to delete C:\windows\system32\vjnlxehh.dll
C:\windows\system32\vjnlxehh.dll Has been deleted!

 Attempting to delete C:\windows\system32\vqhttjjw.dll
C:\windows\system32\vqhttjjw.dll Has been deleted!

 Attempting to delete C:\windows\system32\vsatcidu.dll
C:\windows\system32\vsatcidu.dll Has been deleted!

 Attempting to delete C:\windows\system32\vwomodqf.ini
C:\windows\system32\vwomodqf.ini Has been deleted!

 Attempting to delete C:\windows\system32\vwrgxncu.dll
C:\windows\system32\vwrgxncu.dll Has been deleted!

 Attempting to delete C:\windows\system32\vwurbcmc.ini
C:\windows\system32\vwurbcmc.ini Has been deleted!

 Attempting to delete C:\windows\system32\vyrwjxbt.dll
C:\windows\system32\vyrwjxbt.dll Has been deleted!

 Attempting to delete C:\windows\system32\wdoywwfq.ini
C:\windows\system32\wdoywwfq.ini Has been deleted!

 Attempting to delete C:\windows\system32\wjjtthqv.ini
C:\windows\system32\wjjtthqv.ini Has been deleted!

 Attempting to delete C:\windows\system32\wtumunrj.exe
C:\windows\system32\wtumunrj.exe Has been deleted!

 Attempting to delete C:\windows\system32\wudsneba.ini
C:\windows\system32\wudsneba.ini Has been deleted!

 Attempting to delete C:\windows\system32\xbeeg.bak1
C:\windows\system32\xbeeg.bak1 Has been deleted!

 Attempting to delete C:\windows\system32\xbeeg.bak2
C:\windows\system32\xbeeg.bak2 Has been deleted!

 Attempting to delete C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini Has been deleted!

 Attempting to delete C:\windows\system32\xcpwxqet.dll
C:\windows\system32\xcpwxqet.dll Has been deleted!

 Attempting to delete C:\windows\system32\xjyjmery.ini
C:\windows\system32\xjyjmery.ini Has been deleted!

 Attempting to delete C:\windows\system32\xkcdjprm.exe
C:\windows\system32\xkcdjprm.exe Has been deleted!

 Attempting to delete C:\windows\system32\xkqecfam.dll
C:\windows\system32\xkqecfam.dll Has been deleted!

 Attempting to delete C:\windows\system32\xmyxbipe.exe
C:\windows\system32\xmyxbipe.exe Has been deleted!

 Attempting to delete C:\windows\system32\xvylnsif.ini
C:\windows\system32\xvylnsif.ini Has been deleted!

 Attempting to delete C:\windows\system32\yajjhfhk.exe
C:\windows\system32\yajjhfhk.exe Has been deleted!

 Attempting to delete C:\windows\system32\yapvuvpq.ini
C:\windows\system32\yapvuvpq.ini Has been deleted!

 Attempting to delete C:\windows\system32\yauehpiv.dll
C:\windows\system32\yauehpiv.dll Has been deleted!

 Attempting to delete C:\windows\system32\yinagmbi.dll
C:\windows\system32\yinagmbi.dll Has been deleted!

 Attempting to delete C:\windows\system32\yjgpbvtb.dll
C:\windows\system32\yjgpbvtb.dll Has been deleted!

 Attempting to delete C:\windows\system32\ymwktobn.exe
C:\windows\system32\ymwktobn.exe Has been deleted!

 Attempting to delete C:\windows\system32\yremjyjx.dll
C:\windows\system32\yremjyjx.dll Has been deleted!

 Attempting to delete C:\windows\system32\yuifuxca.dll
C:\windows\system32\yuifuxca.dll Has been deleted!

 Attempting to delete C:\windows\system32\yuxmbhpd.dll
C:\windows\system32\yuxmbhpd.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yxrgvcdy.dll
C:\WINDOWS\system32\yxrgvcdy.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.11

Scan started at 12:49:07 16/06/2007

Listing files found while scanning....

C:\windows\system32\gebyvvt.dll

Beginning removal...

 Attempting to delete C:\windows\system32\gebyvvt.dll
C:\windows\system32\gebyvvt.dll Has been deleted!

Performing Repairs to the registry.
Done!













Logfile of HijackThis v1.99.1
Scan saved at 13:00:29, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\vssms32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Yannis Le roi\Bureau\HijackThis.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5537898B-F1C3-48D3-B188-FAA2B59D0025} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\irieeijy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B31ACBA2-FC94-4B24-A17C-5A29EA5F67F9} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {E084BC41-142C-4675-AD8E-9EB1BDB4518A} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [j9241838] rundll32 C:\WINDOWS\system32\j9241838.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hnugmvjj.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Nilou17 · Answer

Salut ! :-)

Impressionnant, le nombre de fichiers supprimés par VundoFix ! :-o

* Peux-tu renommer HijackThis en abcd.exe et relancer un scan, stp ?
* Passe un coup d'AVG Anti-spyware et copie/colle le résultat (accompagné d'HijackThis)

A+

** Nils **

cooldogg · Answer

*
Logfile of HijackThis v1.99.1
Scan saved at 15:05:19, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\vssms32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Image-Line\FL Studio 6\FL.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yannis Le roi\Bureau\abcd.exe.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5537898B-F1C3-48D3-B188-FAA2B59D0025} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\irieeijy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B31ACBA2-FC94-4B24-A17C-5A29EA5F67F9} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {E084BC41-142C-4675-AD8E-9EB1BDB4518A} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [j9241838] rundll32 C:\WINDOWS\system32\j9241838.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hnugmvjj.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

cooldogg · Answer

Passe un coup d'AVG Anti-spyware
c'est fait par contre jvois pas se qu il faut que je copie cole

Nilou17 · Answer

OK. Tu as fait le scan avec AVG, c'est le principal. ;-)

Peux-tu relancer VundoFix une seconde fois, stp ?
Je te remets la manipulation à effectuer ci-dessous :

* Double-clique sur VundoFix.exe afin de le lancer. 
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo 
* Clique sur le bouton Scan for Vundo. 
* Lorsque le scan est complété, clique sur le bouton Remove Vundo 
* Une invite te demandera si tu veux supprimer les fichiers, clique sur YES 
* Après avoir cliqué sur YES, le Bureau disparaîtra un moment lors de la suppression des fichiers. 
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"). Clique sur OK. 
* Démarre ton PC à nouveau. 
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse. 


Après, je te donnerai une autre manipulation. ;-)

A+


** Nils **

afideg · Answer

Bonjour cooldogg, Nihoul & TLM Voici ce que j'avais voulu poster ( empêché à cause du serveur CCM !) 1°- Dans un premier temps fais ceci : Télécharge hostXper < http://www.funkytoad.com/content/view/13/31/ > "Exécuter " > En haut dans "Editing tools" -clique sur "Restore microsoft's host file" 2°- De même pour Norton ( il reste des traces ! ): http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924?Open&src=&docid=20040413131641928&nsf=SUPPORT%5CINTER%5Cnisintl.nsf&view=833aab0c51f1b15a88256da6006a0505&dtype=&prod=&ver=&osv=&osv_lvl= L’outil de désinstallation Norton 3°- Relance VundoFix 2 fois de suite, et ensuite ComboFix ( ==> Télécharger la Beta < http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe > Double clique combofix.exe et suis les invites. Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis. 4°- J'en oubliais même le plus important : Télécharge cet antivirus ANTIVIR ici : https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html Avec son tuto ici : < http://speedweb1.free.fr/frames2.php?page=tuto5 > à compléter par ce mode d'emploi en français d'antivir presque à jour : < http://tutopat.hostonet.org/viewtopic.php?t=2417 > qui prend en compte la case Rootkit. Et lance son analyse maintenant . Ceci uniquement pour info, suite à la demande d'aide par Nils. Bonne chance Al.

cooldogg · Answer

Salut a tous
je n'ai pas encore fait se qui est dit dans le post 15
car depuis hier 21h j arrive a acceder a myspace et ojd encore
j'ai pu y aller toutes la journée
si le probleme revien j'apliqueré tou cela
mais j'esper qu il ne reviendra plus
merci ! à bientôt tous le monde

Nilou17 · Answer

Salut !

si le probleme revien j'apliqueré tou cela 
Pourtant, il reste encore pas mal de saletés à virer.

Ceci dit, c'est tant mieux pour toi que l'accès à MySpace soit à nouveau disponible.
Mais il vaudrait mieux que tu fasses ce qui a été dit plus haut (et comme ça, être vraiment débarrassé).

C'est comme tu le souhaites ... :-))

A+

** Nils **

afideg · Answer

Bonsoir Ni.houl

Salut 

Si tu aimes vivre dans les infections, c'est ton choix, c'est ton droit.

Regarde ici pour te convaincre de l'état VISIBLE de ton PC :

C:\WINDOWS\system32\vssms32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
Pour les 2 lignes 01 voir ici :
http://www.laboratoire-microsoft.org/n/22193/ 
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
une référence d'un des malwares http://www.sophos.fr/security/analyses/trojbdooryp.html 
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\YANNIS~1\LOCALS~1\Temp\svchost.exe 1
à lire  https://www.broadcom.com/support/security-center                                                                              

O4 - HKLM\..\Run: [j9241838] rundll32 C:\WINDOWS\system32\j9241838.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\axxxljyv.dll",realset
La nouvelle variante:
O4 - HKLM\..\Run: [j9241838] rundll32 C:\WINDOWS\system32\j9241838.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\axxxljyv.dll",realset
Il est difficile de le supprimer manuellement sans avoir passé au préalable vundofix.

O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe


O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe (file missing)  
Qui prend le contrôle de ton PC ??
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - I:\WINDOWS\system32\mnmsrvc.exe (file missing)
C'est quoi cette partition I ??

Al.

<Pour un mot, un homme est réputé sage ; pour un mot, un homme est jugé sot>

cooldogg · Answer

ok les mec
encore merci
je vais fair tous ça demain
++

About blank m empeche d aller sur myspace

19 réponses

Discussions similaires

Newsletters