Infected by Cmd service or Look2Me!
Lynoa
Hello!
A few weeks ago I was infected by several pieces of spyware, which I managed (at least I think so) to remove using Spybot, Ad-Aware, ewido and HijackThis. Unfortunately Look2Me (or Command Service, I believe it's the same thing) still persists. I have looked on quite a few forums, where people have had more or less the same problem, but I still can't get rid of it. Does anyone know what to do? Thanks in advance!
7 replies
Hi,
Download Look2Me-Destroyer.exe to your Desktop.
http://www.atribune.org/ccount/click.php?id=7
* Close all open windows before moving on to the next step.
* Double-click Look2Me-Destroyer.exe to launch the tool.
* Tick Run this program as a task
* A message will appear, saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
* It will restart after the 10 seconds; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.
* When the scan finishes, click the Remove L2M button
* A Done Scanning message will appear, click OK.
* A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your PC will now shut down.
* Start your PC normally.
* Paste the generated report, located here: C:\Look2Me-Destroyer.txt , along with a new HijackThis report, in your next reply.
#If Look2Me-Destroyer does not restart automatically after the 10 seconds, reboot and try again.
##If you get a message from your firewall that the tool is trying to access the internet: allow it.
###If a runtime error '339' message appears: download MSWINSCK.OCX from the link below, and place it in the C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
See you!
Also post a short HijackThis log for us to check:
Download HijackThis (French version) here:
http://telechargement.zebulon.fr/160-Patch-fran%C3%A7ais-pour-HijackThis.html
Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure to save it on C:!
Demo (thanks to Balltrap):
HijackThis installation
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then:
click "faire un scan et sauvegarder le log" ("Do a system scan and save a logfile") (see demo)
copy and paste the entire log into the forum
Demo: (thanks to balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Have a good evening.
See you!
There, I ran the scan with L2M Destroyer. Here are the L2M Destroyer and HijackThis logs after the scan:
L2M Destroyer:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 19/09/2006 17:44:10
Infected! C:\WINDOWS\system32\t6r80g9ue6.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0022057.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0024060.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0025062.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026081.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026113.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026114.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027136.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027143.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027163.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027167.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027172.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0028177.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0028181.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029211.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029233.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029265.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029271.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029281.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029299.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029311.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029320.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029322.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029353.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029359.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029373.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029381.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029389.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029397.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029401.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029409.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP91\A0031401.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031416.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031417.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031418.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031419.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031420.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031421.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031422.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031423.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031424.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031425.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032401.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032411.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032412.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032417.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032421.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032430.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032434.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032455.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032456.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032457.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032458.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032459.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032460.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032461.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032462.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032463.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032464.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032467.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032472.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032483.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032485.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032490.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033488.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033492.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033496.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033567.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033571.dll
Infected! C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033599.dll
Infected! C:\WINDOWS\system32\dn2801fue.dll
Infected! C:\WINDOWS\system32\n22u0cf9ef2.dll
Infected! C:\WINDOWS\system32\t6r80g9ue6.dll
Infected! C:\WINDOWS\System32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\t6r80g9ue6.dll
C:\WINDOWS\system32\t6r80g9ue6.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0022057.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0022057.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0024060.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0024060.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0025062.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0025062.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026081.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026081.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026113.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026113.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026114.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0026114.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027136.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027136.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027143.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027143.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027163.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027163.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027167.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027167.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027172.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0027172.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0028177.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0028177.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0028181.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0028181.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029211.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029211.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029233.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029233.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029265.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029265.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029271.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029271.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029281.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP88\A0029281.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029299.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029299.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029311.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029311.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029320.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029320.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029322.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP89\A0029322.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029353.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029353.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029359.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029359.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029373.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029373.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029381.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029381.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029389.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029389.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029397.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029397.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029401.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029401.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029409.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP90\A0029409.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP91\A0031401.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP91\A0031401.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031416.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031416.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031417.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031417.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031418.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031418.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031419.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031419.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031420.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031420.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031421.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031421.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031422.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031422.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031423.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031423.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031424.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031424.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031425.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0031425.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032401.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032401.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032411.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032411.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032412.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032412.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032417.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032417.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032421.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032421.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032430.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032430.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032434.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032434.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032455.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032455.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032456.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032456.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032457.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032457.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032458.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032458.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032459.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032459.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032460.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032460.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032461.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032461.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032462.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032462.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032463.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032463.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032464.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032464.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032467.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032467.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032472.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP92\A0032472.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032483.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032483.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032485.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032485.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032490.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0032490.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033488.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033488.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033492.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033492.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033496.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP93\A0033496.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033567.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033567.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033571.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033571.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033599.dll
C:\System Volume Information\_restore{1A1AD4E5-F1AB-41D1-AA68-2C9762525777}\RP94\A0033599.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\dn2801fue.dll
C:\WINDOWS\system32\dn2801fue.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\n22u0cf9ef2.dll
C:\WINDOWS\system32\n22u0cf9ef2.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\t6r80g9ue6.dll
C:\WINDOWS\system32\t6r80g9ue6.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{495D5C9F-E34F-4F7E-A9A7-11B4A8481EA6}"
HKCR\Clsid\{495D5C9F-E34F-4F7E-A9A7-11B4A8481EA6}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{552986C4-3FD4-418A-A470-1DB74EFC13C9}"
HKCR\Clsid\{552986C4-3FD4-418A-A470-1DB74EFC13C9}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9B3BC1D5-957B-478B-B52B-80FB9562770F}"
HKCR\Clsid\{9B3BC1D5-957B-478B-B52B-80FB9562770F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2AA678EA-15FF-4BE6-B31D-ED15270FD185}"
HKCR\Clsid\{2AA678EA-15FF-4BE6-B31D-ED15270FD185}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EB8CC0CE-993F-4F37-8B62-A53E090B2448}"
HKCR\Clsid\{EB8CC0CE-993F-4F37-8B62-A53E090B2448}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A792149D-AA22-467C-8EBA-B5ACA4C1EBE5}"
HKCR\Clsid\{A792149D-AA22-467C-8EBA-B5ACA4C1EBE5}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:10:34, on 19/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.chello.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [!ewido] "F:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Service Drivers] schvhost.exe
O4 - HKLM\..\RunServices: [Configuration win32] cnfgldx32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Microsoft Service Drivers] schvhost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl (file missing)
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINDOWS\System32\msp.cpl (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: sql-smss - Unknown owner - C:\WINDOWS\sql-smss.exe (file missing)
That's it for the logs :)
Ok!
Run HijackThis again, click "do a scan only" and check these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par chello broadband n.v.
O14 - IERESET.INF: START_PAGE_URL=http://home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl (file missing)
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINDOWS\System32\msp.cpl (file missing)
O23 - Service: sql-smss - Unknown owner - C:\WINDOWS\sql-smss.exe (file missing)
and then click "fix checked".
Let me know where things stand with your problems, if you have any left.
See you
I removed the lines you told me to in HijackThis, and apparently I no longer get pop-up windows!!! ^_^ I think Look2Me has finally disappeared, thank you very much :)
However, my PC is very slow: HijackThis asked me to restart, and it took me about 15 minutes to boot it and be able to open a web page. But I don't know whether that comes from a virus / spyware or from my PC itself ^_^
In any case, thanks a lot for the help :)