VIRUS COMMAND SERVICE CORIACE - HIJACKTHIS
Forum Sécurité - Virus : VIRUS COMMAND SERVICE CORIACE - HIJACKTHIS
VIRUS COMMAND SERVICE CORIACE - HIJACKTHIS
Après avoir passé Spybot et advare lr problème persiste.
Quelqu'un peut-il m'aider, j'ai passé hijackthis, voici le rapport: MERCI PAR AVANCE
Logfile of HijackThis v1.99.1
Scan saved at 18:07:12, on 24/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\ms06593619592.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\XXX\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [ms06593619592] C:\WINDOWS\ms06593619592.exe
O4 - HKLM\..\Run: [w1b99b54.dll] RUNDLL32.EXE w1b99b54.dll,I2 00049d5a01b99b54
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/ [...] anager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4780002137
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\dn8q01l5e.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
Bonsoir
Prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant ce fix.
@@ Télécharge
Look2Me-Destroyer.exe sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=7
Ewido
http://www.ewido.net/en/download/
Tu l'installes et tu le mets à jour.
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
@@ Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 1 minute". Clique OK
* Il se relancera après la minute, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
@@ Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
@@ Lance le nettoyage avec CCleaner
@@ Lance Ewido. Fais un scan en mode complet.
Sauvegardes le rapport.
@@ Démarre ton PC normalement.
@@ Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! et le rapport d'Ewido dans ta prochaine réponse.
Sinon, accessoirement, tu peux éditer ton premier post pour mettre ton titre en minuscule.
Merci ;-)
Merci pour ces renseignements, j'ai fais comme tu as dis, voici le résultat:
Rapport ewido
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 17:36:02, 25/04/2006
+ Somme de contrôle: 40480824
+ Résultats du scan:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Nettoyer et sauvegarder
C:\Documents and Settings\All Users\Documents\Sys33.exe -> Backdoor.Agobot.aaf : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Application Data\Microsoft\Internet Explorer\V0.34.dat -> Trojan.Dialer.fy : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Application Data\Microsoft\Internet Explorer\V0.39.dat -> Downloader.Small.bdl : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\0exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\11exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\12exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\14exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\15exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\17exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\18exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\19exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\22exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\23exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\29exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\30exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\32exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\34exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\3exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\40exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\41exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\45exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\60exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\62exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\64exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\65exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\67exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\68exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\74exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\7exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\81exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\82exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\8exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\91exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\93exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\96exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\97exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\99exmodul32.exe -> Proxy.Horst.an : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\echo.exe -> Dropper.Small.qn : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\euniverse.exe -> Trojan.Keenval.a : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\i50.tmp -> Adware.SurfSide : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\MONEY1.exe -> Downloader.Adload.t : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\mshtml2.exe -> Adware.MediaTickets : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\mshtml3.exe -> Downloader.PurityScan.au : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\nst38.tmp\new_net.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr348E -> Trojan.Agent.ic : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr3D40\NavHelper\v2.0.4d\navapp.exe -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr3D40\NavHelper\v2.0.4d\NHelper.dll -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr3D40\NavHelper\v2.0.4d\NHUninstaller.exe -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr3D40\NavHelper\v2.0.4d\NHUpdater.exe -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr53C7\NavHelper\v2.0.4d\navapp.exe -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr53C7\NavHelper\v2.0.4d\NHelper.dll -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr53C7\NavHelper\v2.0.4d\NHUninstaller.exe -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.fr53C7\NavHelper\v2.0.4d\NHUpdater.exe -> Adware.NavExcel : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\temp.frE7A5 -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\Transpd.dll -> Adware.Agent : Nettoyer et sauvegarder
C:\Documents and Settings\XXX\Local Settings\Temp\u31.tmp -> Adware.SurfSide : Nettoyer et sauvegarder
C:\Program Files\Ѕymantec\logonui.exe -> Downloader.PurityScan.w : Nettoyer et sauvegarder
C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Nettoyer et sauvegarder
C:\WINDOWS\LastGood\whInstaller.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\WINDOWS\ms06593619592.exe -> Downloader.VB.tw : Nettoyer et sauvegarder
C:\WINDOWS\NDNuninstall6_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Nettoyer et sauvegarder
C:\WINDOWS\system\lsvchost.exe -> Backdoor.Robobot.c : Nettoyer et sauvegarder
C:\WINDOWS\system32\CCCCDVC.DLL -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Nettoyer et sauvegarder
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Nettoyer et sauvegarder
::Fin du rapport
Rapport look2me
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 25/04/2006 16:17:19
Infected! C:\WINDOWS\system32\hrl0053me.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP450\A0065780.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065812.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065827.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065859.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065883.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065898.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066902.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066912.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066921.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066937.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066948.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066952.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0066965.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0067970.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0067975.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP456\A0067988.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP456\A0068022.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0069022.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0070026.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071026.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071041.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071052.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0071255.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0071298.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0072301.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0074297.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0074311.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0075315.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0076315.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0077316.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0077322.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0078325.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0079326.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0080326.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082334.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082335.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082336.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082337.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082338.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082339.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082340.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082341.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082342.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082343.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082344.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082345.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082347.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082348.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082349.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082350.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082351.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082352.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082353.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082354.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082356.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082365.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082370.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082372.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082373.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082374.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082376.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082377.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082378.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082379.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082386.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082392.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083396.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083397.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083398.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083399.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083406.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083416.dll
Infected! C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083431.dll
Infected! C:\WINDOWS\system32\hrl0053me.dll
Infected! C:\WINDOWS\system32\kmdsl1.dll
Infected! C:\WINDOWS\system32\l8r00i9me8.dll
Infected! C:\WINDOWS\System32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\hrl0053me.dll
C:\WINDOWS\system32\hrl0053me.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP450\A0065780.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP450\A0065780.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065812.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065812.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065827.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065827.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065859.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065859.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065883.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065883.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065898.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP451\A0065898.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066902.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066902.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066912.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066912.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066921.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066921.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066937.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066937.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066948.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066948.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066952.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP453\A0066952.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0066965.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0066965.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0067970.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0067970.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0067975.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP455\A0067975.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP456\A0067988.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP456\A0067988.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP456\A0068022.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP456\A0068022.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0069022.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0069022.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0070026.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0070026.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071026.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071026.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071041.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071041.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071052.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP458\A0071052.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0071255.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0071255.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0071298.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0071298.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0072301.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0072301.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0074297.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0074297.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0074311.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0074311.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0075315.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0075315.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0076315.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP460\A0076315.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0077316.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0077316.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0077322.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0077322.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0078325.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0078325.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0079326.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0079326.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0080326.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0080326.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082334.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082334.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082335.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082335.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082336.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082336.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082337.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082337.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082338.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082338.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082339.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082339.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082340.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082340.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082341.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082341.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082342.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082342.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082343.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082343.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082344.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082344.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082345.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082345.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082347.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082347.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082348.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082348.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082349.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082349.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082350.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082350.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082351.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082351.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082352.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082352.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082353.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082353.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082354.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082354.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082356.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082356.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082365.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082365.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082370.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082370.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082372.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082372.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082373.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082373.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082374.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082374.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082376.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082376.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082377.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082377.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082378.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082378.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082379.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082379.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082386.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082386.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082392.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP461\A0082392.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083396.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083396.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083397.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083397.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083398.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083398.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083399.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083399.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083406.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083406.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083416.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083416.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083431.dll
C:\System Volume Information\_restore{4B73AA4F-4957-431B-8F68-8048887E746A}\RP462\A0083431.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\hrl0053me.dll
C:\WINDOWS\system32\hrl0053me.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kmdsl1.dll
C:\WINDOWS\system32\kmdsl1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\l8r00i9me8.dll
C:\WINDOWS\system32\l8r00i9me8.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FB0E5066-2204-4FCC-9FBD-BCF528BDD397}"
HKCR\Clsid\{FB0E5066-2204-4FCC-9FBD-BCF528BDD397}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1B6CB078-BD5E-4399-88FB-C050E5241877}"
HKCR\Clsid\{1B6CB078-BD5E-4399-88FB-C050E5241877}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0D8403AD-2FF4-4EFB-AE63-A7919974146F}"
HKCR\Clsid\{0D8403AD-2FF4-4EFB-AE63-A7919974146F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{250DF572-746F-4A2E-A19E-E578910C1ACF}"
HKCR\Clsid\{250DF572-746F-4A2E-A19E-E578910C1ACF}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D69C3CDF-ACD5-479F-B6C8-D4F8D33525F8}"
HKCR\Clsid\{D69C3CDF-ACD5-479F-B6C8-D4F8D33525F8}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9602DE21-6E0F-4A88-9E1C-8F1C7DB1E38F}"
HKCR\Clsid\{9602DE21-6E0F-4A88-9E1C-8F1C7DB1E38F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DDCA762D-73B3-406A-B1E6-5384B68DB2D1}"
HKCR\Clsid\{DDCA762D-73B3-406A-B1E6-5384B68DB2D1}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F7AF0859-3610-437D-A00B-3094A311DD16}"
HKCR\Clsid\{F7AF0859-3610-437D-A00B-3094A311DD16}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D77013FE-4A0A-4EBA-87BF-DB1D06DD30A4}"
HKCR\Clsid\{D77013FE-4A0A-4EBA-87BF-DB1D06DD30A4}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8CCBAFE1-D317-4DA0-B2EB-216321A67F67}"
HKCR\Clsid\{8CCBAFE1-D317-4DA0-B2EB-216321A67F67}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{64227FE6-5B97-479C-81DA-13A86FA5505E}"
HKCR\Clsid\{64227FE6-5B97-479C-81DA-13A86FA5505E}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4361195C-4443-47E2-9821-86453367171F}"
HKCR\Clsid\{4361195C-4443-47E2-9821-86453367171F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4B73166D-588C-4B12-89C3-DF71080CE381}"
HKCR\Clsid\{4B73166D-588C-4B12-89C3-DF71080CE381}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DFD84FBF-43CF-4BEA-9517-B02D93779152}"
HKCR\Clsid\{DFD84FBF-43CF-4BEA-9517-B02D93779152}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{88BDFD1D-EC31-4617-A35F-6D47D0309086}"
HKCR\Clsid\{88BDFD1D-EC31-4617-A35F-6D47D0309086}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BF97318F-1835-4B45-9F07-F0114557AEF4}"
HKCR\Clsid\{BF97318F-1835-4B45-9F07-F0114557AEF4}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{ECADA927-0609-44EA-B946-B9E9F80BDAAC}"
HKCR\Clsid\{ECADA927-0609-44EA-B946-B9E9F80BDAAC}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C7CE1379-BFAA-4D90-A530-E9F377E0D223}"
HKCR\Clsid\{C7CE1379-BFAA-4D90-A530-E9F377E0D223}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{08D6B3CC-E8E4-4A04-B029-F9F2F7A2B5EC}"
HKCR\Clsid\{08D6B3CC-E8E4-4A04-B029-F9F2F7A2B5EC}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BB5C24FB-A721-4B59-808D-D79FE88E2AA9}"
HKCR\Clsid\{BB5C24FB-A721-4B59-808D-D79FE88E2AA9}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BB07A570-7027-465F-AA44-B5016B20DFB7}"
HKCR\Clsid\{BB07A570-7027-465F-AA44-B5016B20DFB7}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4059E979-2E4E-4055-A5FB-0F0E385B50FB}"
HKCR\Clsid\{4059E979-2E4E-4055-A5FB-0F0E385B50FB}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6870B6E9-75AA-49BC-A9BB-3CD9621C0101}"
HKCR\Clsid\{6870B6E9-75AA-49BC-A9BB-3CD9621C0101}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{24E87B20-96A5-431F-A4B0-49BD0C512484}"
HKCR\Clsid\{24E87B20-96A5-431F-A4B0-49BD0C512484}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
Dernier rapport hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 18:07:14, on 25/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wisptis.exe
C:\Documents and Settings\XXX\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [w1b99b54.dll] RUNDLL32.EXE w1b99b54.dll,I2 00049d5a01b99b54
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/ [...] anager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4780002137
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
MERCI DE ME TENIR AU COURANT
A+
Il y a 2162 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
