H.P

merci, ce .dll appartient a un émulateur unix installé sur certains postes dans l'entreprise, c'est 200% sur. (le programme c'est reflection x) mon collegue va le scanner mais ca risque rien merci en tout cas

Bon d'après ce site : http://www.hijackthis.de dans lequel j'ai posté mon log hijackthis, il y a trois fichiers à effacer, ce que je fais de ce pas cf : http://www.hijackthis.de/logfiles/9ae11811...478295d129.html

erf, Antivir qui se remet à sonner il à trouver un trojan, que j'ai effacé 10/10/2006,18:01:44 [WARNING] Is the Trojan horse TR/Dldr.DollarRev.D! C:\nwnmff_e25.exe [INFO] The file will be deleted. 11/10/2006,09:36:08 [WARNING] Is the Trojan horse TR/Dldr.Small.ajc.2! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0008310.exe [INFO] The file will be deleted. la il y a 2 trojans, celui d'hier soir en haut dont j'ai parlé hier, et celui de ce matin la.. le pc est allumé mais personne ne travaille dessus pour le moment.. ca devient lourd ce truc, à moins que ce ne soit pas un troyen..

Hé bien figures toi que ce matin, à ma grande surprise, l'analyse antivir n'a rien détecté!! Il semblerait donc que les problèmes soient finis! Bon comme je suis un mec cool je te mets quand même un log HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 09:06:06, on 11/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Reflection\rtsserv.exe C:\Program Files\Cerus\Landpark\IP Clients\LpServiceIPClient.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\program files\dell\traytool.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: liaison.bat O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Landpark IP Client.lnk = C:\Program Files\Cerus\Landpark\IP Clients\LpIPClient.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A05C9C67-3EBD-47D1-B577-E06B302F04D3}: NameServer = 194.2.0.20,194.2.0.50 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGFzY2Fs\command.exe (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe O23 - Service: Landpark Network IP Client (Service2) - Cerus Informatique - C:\Program Files\Cerus\Landpark\IP Clients\LpServiceIPClient.exe merci d'avance

Bonjour tout le monde d'abord Voila apres une journée passé avec ce problème (Look2me), il semblerait que j'ai réussi à l'éradiquer, seulement comme j'ai pu le lire ailleurs, un spyware arrive rarement seul, et la apparement c'est le gros lot puisque en ce moment meme, j'entend le pc sonner (scan ewido et antivir configuré d'apres votre tuto qui se mets à sonner me disant qu'il y a un .exe néfaste dans c:/ .. et ewido qui détecte des spywares encore..) bref je récapitule tout. J'ai suivi la procédure dite propre pour nettoyer le pc. Voici les logs du scan antivirus effectué en mode sans echec: AntiVir PersonalEdition Classic Report file date: mardi 10 octobre 2006 16:36 Scanning for 495093 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Pascal Computer name: INFO_ADONIX Version information: AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 10:06:56 AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 10:56:33 LUKE.DLL : 7.0.0.47 118824 07/09/2006 10:32:33 LUKERES.DLL : 7.0.0.47 9256 07/09/2006 10:56:33 ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:35:27 ANTIVIR1.VDF : 6.36.0.9 1424384 06/09/2006 07:12:24 ANTIVIR2.VDF : 6.36.0.10 2048 06/09/2006 07:12:26 ANTIVIR3.VDF : 6.36.0.11 2048 06/09/2006 07:12:28 AVEWIN32.DLL : 7.2.0.14 1827328 04/09/2006 14:23:26 AVPREF.DLL : 7.0.0.2 23592 24/07/2006 12:36:04 AVREP.DLL : 6.36.0.3 794664 06/09/2006 08:04:08 AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 08:43:31 AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 06:00:28 AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36 NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49 NETNW.DLL : 7.0.0.0 9768 24/07/2006 12:35:55 RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 11:22:57 RCTEXT.DLL : 7.0.0.107 77864 07/09/2006 10:56:32 Configuration settings for the scan: Jobname.......................: Local Drives Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Boot sectors..................: C,D,A,B,F,E Scan memory...................: 1 Process scan..................: 1 Scan all files................: 1 Scan archives.................: 1 Recursion depth...............: 20 Smart extensions..............: 1 Skipped archive types.........: 1000,1001,1002,1003,1004,1005, Macro heuristic...............: 1 File heuristic................: 2 Primary action................: 1 Secondary action..............: 0 Start of the scan: mardi 10 octobre 2006 16:36 The scan of running processes will be started 6 Processes were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Boot sector 'B:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 20 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Pascal\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Pascal\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Program Files\Network Monitor\netmon.exe [DETECTION] Contains signature of the SPR/NetMon.A program [INFO] The file was deleted! C:\Program Files\Reflection\rdocfra.dll [DETECTION] Contains suspicious code HEUR/Crypted [INFO] The file was deleted! C:\WINDOWS\system32\FV20.DLL [WARNING] The file could not be opened! C:\WINDOWS\system32\hr6m05j1e.dll [WARNING] The file could not be opened! C:\WINDOWS\system32\lvn6095se.dll [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! The path A:\ could not be found! Le périphérique n'est pas prêt. The path E:\ could not be found! Le périphérique n'est pas prêt. End of the scan: mardi 10 octobre 2006 17:21 Used time: 45:03 min The scan has been done completely. 3084 Scanning directories 202363 Files were scanned 2 viruses and/or unwanted programs were found 2 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 7362 Archives were scanned 22 Warnings 18 Notes Suivi par un log HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 17:32:55, on 10/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Reflection\rtsserv.exe C:\Program Files\Cerus\Landpark\IP Clients\LpServiceIPClient.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: liaison.bat O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Landpark IP Client.lnk = C:\Program Files\Cerus\Landpark\IP Clients\LpIPClient.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A05C9C67-3EBD-47D1-B577-E06B302F04D3}: NameServer = 194.2.0.20,194.2.0.50 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\FV20.DLL O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\lvn6095se.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGFzY2Fs\command.exe (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe O23 - Service: Landpark Network IP Client (Service2) - Cerus Informatique - C:\Program Files\Cerus\Landpark\IP Clients\LpServiceIPClient.exe Ceci fait j'ai entamé la procédure de Look2Me-Destroyer, dont voici le log: Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 10/10/2006 17:41:05 Infected! C:\WINDOWS\system32\FV20.DLL Infected! C:\WINDOWS\system32\lvn6095se.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009585.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009588.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009589.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009590.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009591.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009592.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009593.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009596.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009605.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0010610.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011608.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011613.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011618.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011619.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011627.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011628.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0012636.dll Infected! C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0012760.dll Infected! C:\WINDOWS\system32\dnl6013se.dll Infected! C:\WINDOWS\system32\hr6m05j1e.dll Infected! C:\WINDOWS\system32\rQssapi.dll Infected! C:\WINDOWS\system32\wjaueng1.dll Infected! C:\WINDOWS\system32\guard.tmp Attempting to delete infected files... Attempting to delete: C:\WINDOWS\system32\FV20.DLL C:\WINDOWS\system32\FV20.DLL Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009585.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009585.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009588.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009588.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009589.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009589.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009590.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009590.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009591.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009591.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009592.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009592.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009593.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009593.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009596.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009596.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009605.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0009605.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0010610.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0010610.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011608.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011608.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011613.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011613.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011618.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011618.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011619.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011619.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011627.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011627.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011628.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0011628.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0012636.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0012636.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0012760.dll C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP192\A0012760.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\dnl6013se.dll C:\WINDOWS\system32\dnl6013se.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\hr6m05j1e.dll C:\WINDOWS\system32\hr6m05j1e.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\rQssapi.dll C:\WINDOWS\system32\rQssapi.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\wjaueng1.dll C:\WINDOWS\system32\wjaueng1.dll Deleted successfully! Attempting to delete: C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\guard.tmp Deleted successfully! Making registry repairs. Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9B30C1DD-B296-4A56-B6F5-284FD0645EAD}" HKCR\Clsid\{9B30C1DD-B296-4A56-B6F5-284FD0645EAD} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CF6CBBFB-9714-44E1-BC14-44FCB7F7A113}" HKCR\Clsid\{CF6CBBFB-9714-44E1-BC14-44FCB7F7A113} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{ADDA9642-4F67-42EB-A326-06F18DC2A64D}" HKCR\Clsid\{ADDA9642-4F67-42EB-A326-06F18DC2A64D} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrateurs - Succeeded en ce moment donc, ewido tourne ainsi que antivir (en mode actif, pas en scan mais en protection) Antinvir a donc supprimer un .exe, voici le nom du virus : TR/Dldr.DollarRev.D et Ewido continue de tourner.. bref need back up