
Recommended posts

Posted

Good evening,

The same trouble has happened to me as to c3d28, and I can't get out of it. I understand it's a pain for you, but I would also need your help.

Same cause, TVAnts, and the same kind of critter wandering around my computer and literally making Avast blow up :P

Many thanks in advance :P

Posted

Hi!

No problem, I'm on it!

As soon as the script is finalised I'll give you the procedure.

It will probably be tomorrow.

See you.

Posted

Hi!

Just a quick update:

The script is coming along well, but since this is a rather difficult infection I need a little more time.

See you.

Posted (edited)

Good evening!

The script is ready; thanks to those who helped me on this :P

Here is what you are going to do, please:

We are going to create a tool that edits the registry to remove the traces of the infection!

1/ Back up the registry

Click Start / Run

Type or copy/paste:

regedit /e Sav.reg

Click OK

The backup file is here:

C:\Documents and Settings\Your session name\Sav.reg

2/ Create a Notepad file with the text found in the "code" area below (copy/paste, without the word "Code" => Careful: no blank line before REGEDIT4):

 

---code---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
; backslashes are doubled because a .reg string treats "\" as an escape, and the
; drive is written out because a REG_SZ import stores %WINDIR% literally
; (this machine's Windows is on D:, as the Run entry further down shows)
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
---code---

 

 

- Save this file to: Desktop

- File name: %SYSTEMDRIVE%\restore.reg

- Type: All files

- Click Save

Then:

Print this page so you can follow all the instructions during the procedure

1. Download The Avenger by Swandog46 to your Desktop.

  • Click Avenger.zip to open the file
  • Extract avenger.exe to your Desktop

2. Copy all the text in the box below: highlight it and press (Ctrl+C):

 

Drivers to unload:

ast

https

hidproc

bdwxbni

ffpbek

 

Registry values to delete:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | http://hao123.union123.com/index.htm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini | UserInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | 03465FF5-00AE-411a-9C34-960ED566EC03

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | DFCB34B6-902D-426E-AE2B-1B294AE19F4F

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | D:\Windows\System32\drivers\ttp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | sdafdsafds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | tcpipmon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | qfv4c3g7xm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 9cu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Regscan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | B7D3E479-CC68-42B5-A338-C6B1F168274C

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | init

 

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dad6277f-c7eb-4f7e-8b0d-4e03f37a8dbf}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE7C3CF0-4B15-11D1-ABED-709549C10000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFCB34B6-902D-426E-AE2B-1B294AE19F4F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA9295D9-42ED-4CE1-B2F5-AF6401111196}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7D3E479-CC68-42B5-A338-C6B1F168274C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers

 

 

Files to delete:

%WINDIR%\4y9s.dll

%WINDIR%\sclgntfys.dll

%SYSTEMDRIVE%\WINDOWS9xro366yo.dll

%WINDIR%\system32\winsys16_070221.dll

%WINDIR%\system32\cryptimg.dll

%WINDIR%\system32\4e64ntos.dll

%WINDIR%\system32\cnwin.dll

%WINDIR%\system32\drivers\__delete_on_reboot__r_e_s_t_o_r_e_._d_l_l_

%WINDIR%\system32\drivers\ast.sys

%WINDIR%\System32\drivers\restore.ini

%WINDIR%\System32\drivers\https.sys

%WINDIR%\system32\drivers\hidproc.sys

%WINDIR%\bar.exe

%WINDIR%\rising128.exe

%WINDIR%\system32\2100qqgm.exe

%WINDIR%\system32\cacheur.exe

%WINDIR%\system32\12.exe

%WINDIR%\system32\1010s.exe

%WINDIR%\system32\UniBar.exe

%WINDIR%\system32\bind_50099.exe~

%WINDIR%\system32\unsvchosts.exe

%WINDIR%\system32\aswBoot.exe

%WINDIR%\system32\mctet.dll

%WINDIR%\system32\umtcap.dll

%WINDIR%\system32\cnwin.dll

%WINDIR%\system32\4f7ecfsb.dll

%WINDIR%\system32\4e64ntos.dll

%WINDIR%\system32\ffudf.exe

%WINDIR%\system32\dufs1.exe

%WINDIR%\system32\dufs2.exe

%WINDIR%\system32\jsefusf.exe

%WINDIR%\system32\drivers\bdwxbni.sys

%WINDIR%\system32\drivers\ffpbek.sys

%WINDIR%\system32\advport.dll

%WINDIR%\system32\wbem\ocmor.dll

%WINDIR%\System32\tcpipmon.exe

%SYSTEMDRIVE%\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\n8JRjXqheJ_2002.dll

%APPDATA%\Fichiers communs\CPUSH\cpush0.dll

%WINDIR%\System32\drivers\ttp.exe

%WINDIR%\temp\162.exe

%APPDATA%\Fichiers communs\System\Updaterun.exe

%SYSTEMDRIVE%\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe

%WINDIR%\System32\AlxRes070221.exe

%WINDIR%\System32\scrsys070221.scr

%WINDIR%\System32\scrsys16_070221.scr

%WINDIR%\System32\winsys16_070221.dll

%WINDIR%\System32\winsys32_070221.dll

%WINDIR%\System32\winsys.ini

%SYSTEMDRIVE%\myplay.pif

%WINDIR%\SYSTEM32\RUNDLLFROMWIN2000.EXE

%WINDIR%\System32\regscan.exe

%WINDIR%\4y9s.dll

%SYSTEMDRIVE%\unwise.exe

%WINDIR%\System32\drivers\DJPXEKRXGMTBIP.DAT

%WINDIR%\sysinit.obi

%WINDIR%\bd9.exe

%WINDIR%\bd7.exe

%WINDIR%\bd5.exe

%WINDIR%\bd4.exe

%WINDIR%\bd3.exe

%SYSTEMDRIVE%\WINDOWS30.exe

%WINDIR%\100.exe

%WINDIR%\bd2.exe

%WINDIR%\bd3.exe

%WINDIR%\bd4.exe

%WINDIR%\bd5.exe

%WINDIR%\bd7.exe

%WINDIR%\bd9.exe

%WINDIR%\system32\1249.exe

%WINDIR%\system32\57sex109.exe

%WINDIR%\system32\ad2273.exe

%WINDIR%\system32\bind_50259.exe

%WINDIR%\system32\DIOVDJRYFMSAGN.EXE

%WINDIR%\system32\dodolook207.exe

%WINDIR%\system32\msmgrupdate.exe

%WINDIR%\system32\poptang.exe

%WINDIR%\system32\sofa020.exe

%WINDIR%\system32\zy0002.exe

%WINDIR%\system32\_msinst.exe

%WINDIR%\system32\1F8g8gk0g.dll

%WINDIR%\system32\GMTZG.DLL

%WINDIR%\system32\mshtmll.dll

%WINDIR%\system32\PVBJQXEL.DLL

%WINDIR%\system32\safobj32.dll

%WINDIR%\system32\VBHNTAHNUBI.DLL

%WINDIR%\system32\YEMUCJPWDKPW.DLL

%WINDIR%\system32\AdCache

%WINDIR%\ndpQO.exe

 

 

Folders to delete:

%APPDATA%\superutilbar

%APPDATA%\Fichiers communs\CPUSH

%APPDATA%\fichiers communs\{589E5AE1-0640-1036-0820-040406110021}

%APPDATA%\²Æ¸»Í¨

%APPDATA%\SoftToolbar

%APPDATA%\TVAnts

 

programs to launch on reboot:

%systemdrive%\restore.reg

 

Note: The script above was written specifically for THIS user.

If you are not THIS user, DO NOT apply these instructions: they could damage your system.

 

3. Now launch The Avenger by clicking its Desktop icon.

  • Under "Script file to execute" choose "Input Script Manually".
  • Then click the magnifying-glass icon, which opens a new "View/edit script" window
  • In that window, paste the text you copied earlier with (Ctrl+V).
  • Click Done
  • Then click the green-light icon to start running the script
  • Answer "Yes" twice when asked.

4. The Avenger will automatically do the following:

  • It will restart the system. (When the script contains one or more "Drivers to unload", The Avenger restarts your system twice.)
  • At the prompt "Are you sure you want to add the information in restore.reg to the registry?" answer Yes
  • During the restart a black Windows command window will briefly appear on your desktop; this is NORMAL.
  • After the restart it creates a log file, which will open and show the actions The Avenger carried out. This log file is at: C:\avenger.txt
  • The Avenger will also have backed up all the files etc. that you asked it to delete, zipped them, and moved the zip archive to C:\avenger\backup.zip.

5. Finally, copy/paste the contents of the file c:\avenger.txt into your reply, together with a new HijackThis log, using REPLY

See you.

Edited by regis56
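As an added example (not part of regis56's post and not code from The Avenger itself), the Python script below parses a script in the format used above, expands the %VAR% placeholders, flags the "Folders to delete" entries that end in `.` or `..` (they name the folder itself or its parent, so `%APPDATA%\..` is the whole user profile), and reads an avenger.txt log to pair each failure with the meaning of its NTSTATUS code. The SAMPLE_ENV values (Windows on D:, profile "Lenquette") are assumptions taken from the paths in the log posted further down; the sample script and log are constructed excerpts, not the posted ones.

```python
# Added example: checker for an Avenger-style script and its result log. Not code from
# the original post or from The Avenger; SAMPLE_ENV and the excerpts are assumptions.
import ntpath
import re

# NTSTATUS codes seen in the posted log, named from the Windows NTSTATUS table.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # the last path component is missing
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory on the way is missing
}

# Constructed environment for this machine (Windows on D:, profile "Lenquette").
SAMPLE_ENV = {
    "WINDIR": r"D:\WINDOWS",
    "SYSTEMDRIVE": "D:",
    "APPDATA": r"D:\Documents and Settings\Lenquette\Application Data",
}

SECTION_RE = re.compile(r"^(drivers to unload|registry (?:values|keys) to delete|"
                        r"files to delete|folders to delete|programs to launch on reboot):$", re.I)
LOG_OK = re.compile(r"^(?:Driver|File|Folder|Registry key|Registry value) (.+?) "
                    r"(?:unloaded|deleted) successfully\.$")
LOG_FAIL = re.compile(r"^Deletion of (?:file|folder|registry key|registry value) (.+?) failed!$")
LOG_STATUS = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")


def parse_script(text):
    """Split an Avenger script into {section name: [entries]}; blank lines are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def expand(path, env):
    """Expand %VAR% placeholders case-insensitively, as the script format relies on."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def unsafe_folder_entries(sections, env):
    """Folder entries ending in '.' or '..' name the folder itself or its parent, so
    deleting them would wipe far more than intended; return (entry, resolved path)."""
    flagged = []
    for entry in sections.get("folders to delete", []):
        expanded = expand(entry, env)
        if expanded.rstrip("\\").rsplit("\\", 1)[-1] in (".", ".."):
            flagged.append((entry, ntpath.normpath(expanded)))
    return flagged


def summarize_log(text):
    """Return (successes, failures); a failure is (target, NTSTATUS name or raw code)."""
    ok, failed, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := LOG_OK.match(line):
            ok.append(m.group(1))
        elif m := LOG_FAIL.match(line):
            pending = m.group(1)  # its "Status:" line follows a few lines later
        elif (m := LOG_STATUS.match(line)) and pending is not None:
            code = int(m.group(1), 16)
            failed.append((pending, NTSTATUS.get(code, f"0x{code:08X}")))
            pending = None
    return ok, failed


# Constructed excerpts in the format of the posted script and of avenger.txt.
SAMPLE_SCRIPT = r"""
Drivers to unload:
ast

Files to delete:
%WINDIR%\bd3.exe

Folders to delete:
%APPDATA%\TVAnts
%APPDATA%\fichiers communs\..
%APPDATA%\..

programs to launch on reboot:
%systemdrive%\restore.reg
"""

SAMPLE_LOG = r"""
Driver ast unloaded successfully.
File D:\WINDOWS\bd3.exe not found!
Deletion of file D:\WINDOWS\bd3.exe failed!
Status: 0xc0000034
Deletion of folder D:\Documents and Settings\Lenquette\Application Data\fichiers communs\.. failed!
Status: 0xc000003a
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9cu deleted successfully.
"""

if __name__ == "__main__":
    print(unsafe_folder_entries(parse_script(SAMPLE_SCRIPT), SAMPLE_ENV))
    print(summarize_log(SAMPLE_LOG))
```

Entries like `%APPDATA%\.` and `%APPDATA%\..` are what the folder check is for: the first resolves to Application Data itself and the second to the whole profile directory. The status distinction is worth reading in the real log too: every entry under `%APPDATA%\Fichiers communs` fails with 0xc000003a, meaning a directory on the way to the target did not exist, while `Application Data\.` fails with 0xc0000034, the plain not-found case.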
Posted

The Avenger log

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\sihfgrvg

 

*******************

 

Script file located at: \??\D:\Documents and Settings\fsgulbrd.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at D:\Avenger

 

*******************

 

Beginning to process script file:

 

Driver ast unloaded successfully.

Driver https unloaded successfully.

Driver hidproc unloaded successfully.

Driver bdwxbni unloaded successfully.

Driver ffpbek unloaded successfully.

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers

Status: 0xc0000034

 

File D:\WINDOWS\4y9s.dll deleted successfully.

File D:\WINDOWS\sclgntfys.dll deleted successfully.

 

 

File D:\WINDOWS9xro366yo.dll not found!

Deletion of file D:\WINDOWS9xro366yo.dll failed!

 

Could not process line:

D:\WINDOWS9xro366yo.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\winsys16_070221.dll not found!

Deletion of file D:\WINDOWS\system32\winsys16_070221.dll failed!

 

Could not process line:

D:\WINDOWS\system32\winsys16_070221.dll

Status: 0xc0000034

 

File D:\WINDOWS\system32\cryptimg.dll deleted successfully.

 

 

File D:\WINDOWS\system32\4e64ntos.dll not found!

Deletion of file D:\WINDOWS\system32\4e64ntos.dll failed!

 

Could not process line:

D:\WINDOWS\system32\4e64ntos.dll

Status: 0xc0000034

 

File D:\WINDOWS\system32\cnwin.dll deleted successfully.

File D:\WINDOWS\system32\drivers\__delete_on_reboot__r_e_s_t_o_r_e_._d_l_l_ deleted successfully.

 

 

File D:\WINDOWS\system32\drivers\ast.sys not found!

Deletion of file D:\WINDOWS\system32\drivers\ast.sys failed!

 

Could not process line:

D:\WINDOWS\system32\drivers\ast.sys

Status: 0xc0000034

 

File D:\WINDOWS\System32\drivers\restore.ini deleted successfully.

File D:\WINDOWS\System32\drivers\https.sys deleted successfully.

File D:\WINDOWS\system32\drivers\hidproc.sys deleted successfully.

File D:\WINDOWS\bar.exe deleted successfully.

 

 

File D:\WINDOWS\rising128.exe not found!

Deletion of file D:\WINDOWS\rising128.exe failed!

 

Could not process line:

D:\WINDOWS\rising128.exe

Status: 0xc0000034

 

File D:\WINDOWS\system32\2100qqgm.exe deleted successfully.

File D:\WINDOWS\system32\cacheur.exe deleted successfully.

File D:\WINDOWS\system32\12.exe deleted successfully.

File D:\WINDOWS\system32\1010s.exe deleted successfully.

File D:\WINDOWS\system32\UniBar.exe deleted successfully.

File D:\WINDOWS\system32\bind_50099.exe~ deleted successfully.

File D:\WINDOWS\system32\unsvchosts.exe deleted successfully.

File D:\WINDOWS\system32\aswBoot.exe deleted successfully.

File D:\WINDOWS\system32\mctet.dll deleted successfully.

File D:\WINDOWS\system32\umtcap.dll deleted successfully.

 

 

File D:\WINDOWS\system32\cnwin.dll not found!

Deletion of file D:\WINDOWS\system32\cnwin.dll failed!

 

Could not process line:

D:\WINDOWS\system32\cnwin.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\4f7ecfsb.dll not found!

Deletion of file D:\WINDOWS\system32\4f7ecfsb.dll failed!

 

Could not process line:

D:\WINDOWS\system32\4f7ecfsb.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\4e64ntos.dll not found!

Deletion of file D:\WINDOWS\system32\4e64ntos.dll failed!

 

Could not process line:

D:\WINDOWS\system32\4e64ntos.dll

Status: 0xc0000034

 

File D:\WINDOWS\system32\ffudf.exe deleted successfully.

File D:\WINDOWS\system32\dufs1.exe deleted successfully.

File D:\WINDOWS\system32\dufs2.exe deleted successfully.

File D:\WINDOWS\system32\jsefusf.exe deleted successfully.

File D:\WINDOWS\system32\drivers\bdwxbni.sys deleted successfully.

File D:\WINDOWS\system32\drivers\ffpbek.sys deleted successfully.

File D:\WINDOWS\system32\advport.dll deleted successfully.

File D:\WINDOWS\system32\wbem\ocmor.dll deleted successfully.

 

 

File D:\WINDOWS\System32\tcpipmon.exe not found!

Deletion of file D:\WINDOWS\System32\tcpipmon.exe failed!

 

Could not process line:

D:\WINDOWS\System32\tcpipmon.exe

Status: 0xc0000034

 

File D:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\n8JRjXqheJ_2002.dll deleted successfully.

 

 

Could not open file D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\CPUSH\cpush0.dll for deletion

Deletion of file D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\CPUSH\cpush0.dll failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\CPUSH\cpush0.dll

Status: 0xc000003a

 

 

 

File D:\WINDOWS\System32\drivers\ttp.exe not found!

Deletion of file D:\WINDOWS\System32\drivers\ttp.exe failed!

 

Could not process line:

D:\WINDOWS\System32\drivers\ttp.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\temp\162.exe not found!

Deletion of file D:\WINDOWS\temp\162.exe failed!

 

Could not process line:

D:\WINDOWS\temp\162.exe

Status: 0xc0000034

 

 

 

Could not open file D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\System\Updaterun.exe for deletion

Deletion of file D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\System\Updaterun.exe failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\System\Updaterun.exe

Status: 0xc000003a

 

 

 

File D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe not found!

Deletion of file D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe failed!

 

Could not process line:

D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\System32\AlxRes070221.exe not found!

Deletion of file D:\WINDOWS\System32\AlxRes070221.exe failed!

 

Could not process line:

D:\WINDOWS\System32\AlxRes070221.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\System32\scrsys070221.scr not found!

Deletion of file D:\WINDOWS\System32\scrsys070221.scr failed!

 

Could not process line:

D:\WINDOWS\System32\scrsys070221.scr

Status: 0xc0000034

 

File D:\WINDOWS\System32\scrsys16_070221.scr deleted successfully.

 

 

File D:\WINDOWS\System32\winsys16_070221.dll not found!

Deletion of file D:\WINDOWS\System32\winsys16_070221.dll failed!

 

Could not process line:

D:\WINDOWS\System32\winsys16_070221.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\System32\winsys32_070221.dll not found!

Deletion of file D:\WINDOWS\System32\winsys32_070221.dll failed!

 

Could not process line:

D:\WINDOWS\System32\winsys32_070221.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\System32\winsys.ini not found!

Deletion of file D:\WINDOWS\System32\winsys.ini failed!

 

Could not process line:

D:\WINDOWS\System32\winsys.ini

Status: 0xc0000034

 

 

 

File D:\myplay.pif not found!

Deletion of file D:\myplay.pif failed!

 

Could not process line:

D:\myplay.pif

Status: 0xc0000034

 

File D:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE deleted successfully.

File D:\WINDOWS\System32\regscan.exe deleted successfully.

 

 

File D:\WINDOWS\4y9s.dll not found!

Deletion of file D:\WINDOWS\4y9s.dll failed!

 

Could not process line:

D:\WINDOWS\4y9s.dll

Status: 0xc0000034

 

 

 

File D:\unwise.exe not found!

Deletion of file D:\unwise.exe failed!

 

Could not process line:

D:\unwise.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\System32\drivers\DJPXEKRXGMTBIP.DAT not found!

Deletion of file D:\WINDOWS\System32\drivers\DJPXEKRXGMTBIP.DAT failed!

 

Could not process line:

D:\WINDOWS\System32\drivers\DJPXEKRXGMTBIP.DAT

Status: 0xc0000034

 

 

 

File D:\WINDOWS\sysinit.obi not found!

Deletion of file D:\WINDOWS\sysinit.obi failed!

 

Could not process line:

D:\WINDOWS\sysinit.obi

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd9.exe not found!

Deletion of file D:\WINDOWS\bd9.exe failed!

 

Could not process line:

D:\WINDOWS\bd9.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd7.exe not found!

Deletion of file D:\WINDOWS\bd7.exe failed!

 

Could not process line:

D:\WINDOWS\bd7.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd5.exe not found!

Deletion of file D:\WINDOWS\bd5.exe failed!

 

Could not process line:

D:\WINDOWS\bd5.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd4.exe not found!

Deletion of file D:\WINDOWS\bd4.exe failed!

 

Could not process line:

D:\WINDOWS\bd4.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd3.exe not found!

Deletion of file D:\WINDOWS\bd3.exe failed!

 

Could not process line:

D:\WINDOWS\bd3.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS30.exe not found!

Deletion of file D:\WINDOWS30.exe failed!

 

Could not process line:

D:\WINDOWS30.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\100.exe not found!

Deletion of file D:\WINDOWS\100.exe failed!

 

Could not process line:

D:\WINDOWS\100.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd2.exe not found!

Deletion of file D:\WINDOWS\bd2.exe failed!

 

Could not process line:

D:\WINDOWS\bd2.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd3.exe not found!

Deletion of file D:\WINDOWS\bd3.exe failed!

 

Could not process line:

D:\WINDOWS\bd3.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd4.exe not found!

Deletion of file D:\WINDOWS\bd4.exe failed!

 

Could not process line:

D:\WINDOWS\bd4.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd5.exe not found!

Deletion of file D:\WINDOWS\bd5.exe failed!

 

Could not process line:

D:\WINDOWS\bd5.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd7.exe not found!

Deletion of file D:\WINDOWS\bd7.exe failed!

 

Could not process line:

D:\WINDOWS\bd7.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\bd9.exe not found!

Deletion of file D:\WINDOWS\bd9.exe failed!

 

Could not process line:

D:\WINDOWS\bd9.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\1249.exe not found!

Deletion of file D:\WINDOWS\system32\1249.exe failed!

 

Could not process line:

D:\WINDOWS\system32\1249.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\57sex109.exe not found!

Deletion of file D:\WINDOWS\system32\57sex109.exe failed!

 

Could not process line:

D:\WINDOWS\system32\57sex109.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\ad2273.exe not found!

Deletion of file D:\WINDOWS\system32\ad2273.exe failed!

 

Could not process line:

D:\WINDOWS\system32\ad2273.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\bind_50259.exe not found!

Deletion of file D:\WINDOWS\system32\bind_50259.exe failed!

 

Could not process line:

D:\WINDOWS\system32\bind_50259.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\DIOVDJRYFMSAGN.EXE not found!

Deletion of file D:\WINDOWS\system32\DIOVDJRYFMSAGN.EXE failed!

 

Could not process line:

D:\WINDOWS\system32\DIOVDJRYFMSAGN.EXE

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\dodolook207.exe not found!

Deletion of file D:\WINDOWS\system32\dodolook207.exe failed!

 

Could not process line:

D:\WINDOWS\system32\dodolook207.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\msmgrupdate.exe not found!

Deletion of file D:\WINDOWS\system32\msmgrupdate.exe failed!

 

Could not process line:

D:\WINDOWS\system32\msmgrupdate.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\poptang.exe not found!

Deletion of file D:\WINDOWS\system32\poptang.exe failed!

 

Could not process line:

D:\WINDOWS\system32\poptang.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\sofa020.exe not found!

Deletion of file D:\WINDOWS\system32\sofa020.exe failed!

 

Could not process line:

D:\WINDOWS\system32\sofa020.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\zy0002.exe not found!

Deletion of file D:\WINDOWS\system32\zy0002.exe failed!

 

Could not process line:

D:\WINDOWS\system32\zy0002.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\_msinst.exe not found!

Deletion of file D:\WINDOWS\system32\_msinst.exe failed!

 

Could not process line:

D:\WINDOWS\system32\_msinst.exe

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\1F8g8gk0g.dll not found!

Deletion of file D:\WINDOWS\system32\1F8g8gk0g.dll failed!

 

Could not process line:

D:\WINDOWS\system32\1F8g8gk0g.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\GMTZG.DLL not found!

Deletion of file D:\WINDOWS\system32\GMTZG.DLL failed!

 

Could not process line:

D:\WINDOWS\system32\GMTZG.DLL

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\mshtmll.dll not found!

Deletion of file D:\WINDOWS\system32\mshtmll.dll failed!

 

Could not process line:

D:\WINDOWS\system32\mshtmll.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\PVBJQXEL.DLL not found!

Deletion of file D:\WINDOWS\system32\PVBJQXEL.DLL failed!

 

Could not process line:

D:\WINDOWS\system32\PVBJQXEL.DLL

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\safobj32.dll not found!

Deletion of file D:\WINDOWS\system32\safobj32.dll failed!

 

Could not process line:

D:\WINDOWS\system32\safobj32.dll

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\VBHNTAHNUBI.DLL not found!

Deletion of file D:\WINDOWS\system32\VBHNTAHNUBI.DLL failed!

 

Could not process line:

D:\WINDOWS\system32\VBHNTAHNUBI.DLL

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\YEMUCJPWDKPW.DLL not found!

Deletion of file D:\WINDOWS\system32\YEMUCJPWDKPW.DLL failed!

 

Could not process line:

D:\WINDOWS\system32\YEMUCJPWDKPW.DLL

Status: 0xc0000034

 

 

 

File D:\WINDOWS\system32\AdCache not found!

Deletion of file D:\WINDOWS\system32\AdCache failed!

 

Could not process line:

D:\WINDOWS\system32\AdCache

Status: 0xc0000034

 

 

 

File D:\WINDOWS\ndpQO.exe not found!

Deletion of file D:\WINDOWS\ndpQO.exe failed!

 

Could not process line:

D:\WINDOWS\ndpQO.exe

Status: 0xc0000034

 

 

 

Folder D:\Documents and Settings\Lenquette\Application Data\superutilbar not found!

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\superutilbar failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\superutilbar

Status: 0xc0000034

 

 

 

Could not open folder D:\Documents and Settings\Lenquette\Application Data\fichiers communs\. for deletion

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\fichiers communs\. failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\fichiers communs\.

Status: 0xc000003a

 

 

 

Could not open folder D:\Documents and Settings\Lenquette\Application Data\fichiers communs\.. for deletion

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\fichiers communs\.. failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\fichiers communs\..

Status: 0xc000003a

 

 

 

Could not open folder D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\CPUSH for deletion

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\CPUSH failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\Fichiers communs\CPUSH

Status: 0xc000003a

 

 

 

Could not open folder D:\Documents and Settings\Lenquette\Application Data\fichiers communs\{589E5AE1-0640-1036-0820-040406110021} for deletion

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\fichiers communs\{589E5AE1-0640-1036-0820-040406110021} failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\fichiers communs\{589E5AE1-0640-1036-0820-040406110021}

Status: 0xc000003a

 

 

 

Folder D:\Documents and Settings\Lenquette\Application Data\. not found!

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\. failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\.

Status: 0xc0000034

 

 

 

Folder D:\Documents and Settings\Lenquette\Application Data\.. not found!

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\.. failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\..

Status: 0xc0000034

 

 

 

Folder D:\Documents and Settings\Lenquette\Application Data\²Æ¸»Í¨ not found!

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\²Æ¸»Í¨ failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\²Æ¸»Í¨

Status: 0xc0000034

 

 

 

Folder D:\Documents and Settings\Lenquette\Application Data\SoftToolbar not found!

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\SoftToolbar failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\SoftToolbar

Status: 0xc0000034

 

 

 

Folder D:\Documents and Settings\Lenquette\Application Data\TVAnts not found!

Deletion of folder D:\Documents and Settings\Lenquette\Application Data\TVAnts failed!

 

Could not process line:

D:\Documents and Settings\Lenquette\Application Data\TVAnts

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main|http://hao123.union123.com/index.htm

Deletion of registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main|http://hao123.union123.com/index.htm failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|UserInit

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|UserInit failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|03465FF5-00AE-411a-9C34-960ED566EC03

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|03465FF5-00AE-411a-9C34-960ED566EC03 failed!
Status: 0xc0000034

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|DFCB34B6-902D-426E-AE2B-1B294AE19F4F
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|DFCB34B6-902D-426E-AE2B-1B294AE19F4F failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|D:\Windows\System32\drivers\ttp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sdafdsafds deleted successfully.

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tcpipmon
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tcpipmon failed!
Status: 0xc0000034

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|System
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|System failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qfv4c3g7xm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9cu deleted successfully.

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regscan
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regscan failed!
Status: 0xc0000034

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|B7D3E479-CC68-42B5-A338-C6B1F168274C
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|B7D3E479-CC68-42B5-A338-C6B1F168274C failed!
Status: 0xc0000034

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|init
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|init failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dad6277f-c7eb-4f7e-8b0d-4e03f37a8dbf} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dad6277f-c7eb-4f7e-8b0d-4e03f37a8dbf} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE7C3CF0-4B15-11D1-ABED-709549C10000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFCB34B6-902D-426E-AE2B-1B294AE19F4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfys deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA9295D9-42ED-4CE1-B2F5-AF6401111196} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA9295D9-42ED-4CE1-B2F5-AF6401111196} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7D3E479-CC68-42B5-A338-C6B1F168274C} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7D3E479-CC68-42B5-A338-C6B1F168274C} failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 21:13:55, on 02/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\VTTimer.exe
D:\WINDOWS\System32\VTtrayp.exe
D:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\WINDOWS\System32\wpabaln.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {b6913445-dff5-4a8a-8b0d-4e03f37a8dbf} - D:\WINDOWS\System32\4a8acfsb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: dcb6 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [TrueImage Monitor] "D:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [spySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] D:\Documents and Settings\Lenquette\Bureau\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Regscan] D:\WINDOWS\System32\regscan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171312937656
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: 838D6A98 - Unknown owner - D:\WINDOWS\System32\838D6A98.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: jsefusf - Unknown owner - D:\WINDOWS\System32\jsefusf.exe (file missing)
O23 - Service: System Local Kernel Service (kernel) - Unknown owner - D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\Y3qiXLp9Rv.exe
O23 - Service: Microsoft Update Service (MOBILL) - Unknown owner - D:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Windows User Mode Driver (UMWdfmgr) - Unknown owner - rundll32.exe (file missing)
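The two logs above are worth reading together rather than separately. Every "failed!" in the registry-fix output carries Status 0xc0000034, which is STATUS_OBJECT_NAME_NOT_FOUND: the tool did not hit a locked or protected value, it simply found nothing under the exact name it was given. Two of those misses line up with the HijackThis scan: the script aimed at HKLM\...\Run|Regscan while HijackThis lists [Regscan] under HKCU, and it addressed the toolbar value as Toolbar|DFCB34B6-... while the O3 line shows that value named with braces, {DFCB34B6-...}, which is also why the dcb6 toolbar is still listed. In the O23 block, the two avast! lines ending in `" /service (file missing)` are the familiar HijackThis 1.99.1 mis-parse of a quoted image path with arguments, not a missing file. The Python below is an added example, not a tool from the thread or from HijackThis; it parses constructed excerpts of both logs and applies these checks. The STATUS_ACCESS_DENIED table entry is an assumption about what a real blocked deletion would look like; the page only ever shows 0xc0000034.

```python
"""Added example, not part of the thread: triage helpers for the two logs posted
above. The excerpts below are constructed from lines visible in the post."""
import re

# Tail of the registry-fix tool log (constructed excerpt).
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9cu deleted successfully.
Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regscan
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regscan failed!
Status: 0xc0000034
Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|DFCB34B6-902D-426E-AE2B-1B294AE19F4F
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|DFCB34B6-902D-426E-AE2B-1B294AE19F4F failed!
Status: 0xc0000034
"""

# HijackThis 1.99.1 lines from the same post (constructed excerpt).
HJT_LOG = r"""
O3 - Toolbar: dcb6 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Regscan] D:\WINDOWS\System32\regscan.exe
O23 - Service: 838D6A98 - Unknown owner - D:\WINDOWS\System32\838D6A98.EXE (file missing)
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: jsefusf - Unknown owner - D:\WINDOWS\System32\jsefusf.exe (file missing)
O23 - Service: System Local Kernel Service (kernel) - Unknown owner - D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\Y3qiXLp9Rv.exe
O23 - Service: Microsoft Update Service (MOBILL) - Unknown owner - D:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Windows User Mode Driver (UMWdfmgr) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

NTSTATUS = {  # the posted log only ever shows the first; the second is an assumed contrast
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND: nothing exists under that exact name",
    0xC0000022: "STATUS_ACCESS_DENIED: the target exists but deletion was refused",
}

def parse_fix_log(text):
    """Return (target, ok, status) per deletion attempt; status is None on success."""
    out, pending = [], None
    for line in text.splitlines():
        if m := re.match(r"Registry (?:key|value) (.+) deleted successfully\.$", line):
            out.append((m[1], True, None))
        elif m := re.match(r"Deletion of registry (?:key|value) (.+) failed!$", line):
            pending = m[1]                       # the status code follows on the next line
        elif (m := re.match(r"Status: (0x[0-9A-Fa-f]+)$", line)) and pending:
            out.append((pending, False, int(m[1], 16)))
            pending = None
    return out

O3_RE = re.compile(r"^O3 - Toolbar: (.+?) - \{([0-9A-Fa-f-]+)\} - (.+)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?)(?: \(([^()]+)\))? - (.+?) - (.+)$")

def parse_hjt(text):
    """Pull the O3 (toolbars), O4 (Run values) and O23 (services) lines apart."""
    hjt = {"toolbars": [], "run": [], "services": []}
    for line in text.splitlines():
        if m := O3_RE.match(line):
            hjt["toolbars"].append({"title": m[1], "clsid": m[2].upper(), "file": m[3]})
        elif m := O4_RE.match(line):
            hjt["run"].append({"hive": m[1], "name": m[2], "cmd": m[3]})
        elif m := O23_RE.match(line):
            hjt["services"].append({"display": m[1], "name": m[2] or m[1], "owner": m[3], "image": m[4]})
    return hjt

def triage_services(services):
    """Flag O23 entries the way the helper did; returns {service name: [reasons]}."""
    flagged = {}
    for s in services:
        path = s["image"].replace("(file missing)", "").strip()
        reasons = []
        # HJT 1.99.1 splits quoted image paths that carry arguments (the avast! lines),
        # so "(file missing)" on a path containing a stray quote is not trustworthy.
        if s["image"].endswith("(file missing)") and '"' not in path:
            reasons.append("image file missing")
        if "\\" not in path.split(" ")[0]:
            reasons.append("bare image name with no directory")
        if "documents and settings" in path.lower():
            reasons.append("image lives under a user profile directory")
        if s["owner"] == "Unknown owner" and s["display"].lower().startswith(("microsoft", "windows")):
            reasons.append("Microsoft-sounding name with no company name")
        if reasons:
            flagged[s["name"]] = reasons
    return flagged

def explain_failures(fix_results, hjt):
    """Pair each failed deletion with what HijackThis shows for the same artefact."""
    run_hive = {r["name"].lower(): r["hive"] for r in hjt["run"]}
    toolbar_ids = {t["clsid"] for t in hjt["toolbars"]}
    notes = {}
    for target, ok, status in fix_results:
        if ok:
            continue
        key, _, value = target.rpartition("|")
        hive = "HKLM" if key.startswith("HKEY_LOCAL_MACHINE") else "HKCU"
        note = NTSTATUS.get(status, f"unknown status {status:#010x}")
        if status == 0xC0000034 and key.endswith("\\CurrentVersion\\Run") and run_hive.get(value.lower(), hive) != hive:
            note += f"; HijackThis lists [{value}] under {run_hive[value.lower()]}, so the script aimed at the wrong hive"
        elif status == 0xC0000034 and key.endswith("\\Internet Explorer\\Toolbar") and value.upper() in toolbar_ids:
            note += f"; HijackThis shows that toolbar value as {{{value}}}, with braces, which the script omitted"
        notes[target] = note
    return notes
```

Run against the excerpts, `triage_services` flags exactly the five services the helper targets in the next post (838D6A98, jsefusf, kernel, MOBILL, UMWdfmgr) and leaves both avast! entries alone, and `explain_failures` attaches the hive and braces observations to the two failed deletions.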

Posted (edited)

Hi!

How is the PC behaving?

I'd rather tell you right away that another user ran into a malfunction, so back up your important documents, you never know.

Then do this:

Download the latest version of Killbox -> http://www.downloads.subratam.org/KillBox.zip
Put the program in whichever folder you like (no Windows installation)

- restart the computer in Safe Mode

- Now I'm going to ask you to stop a service that starts automatically in normal mode and is linked to the infection!

Start > Run, type Services.msc, then OK
Choose the "Extended" view (tabs at the bottom)
Using the scroll bar (on the right), look for the following service:

838D6A98

Once the service is found, point at it and double-click (left button).
In the window that appears, under the General tab, click the Stop button,
then open the Startup Type drop-down and change it to Disabled
Click Apply, then OK

Repeat with these:
jsefusf
System Local Kernel Service
Microsoft Update Service
Windows User Mode Driver

Launch HijackThis, choose Open the Misc Tools section
the "Configuration" window will open
click Delete an NT service...
the "Delete a Windows NT service" window will open
Enter in the dialog box:

838D6A98

Note: make sure there is no space before or after!
click OK

Another window should open, giving information about the service and asking whether you want to restart.
Click NO

Repeat with these:
jsefusf
kernel
MOBILL
UMWdfmgr

- Now we are going to modify the registry to remove the entries linked to the infection!
Launch HijackThis (Do a system scan only) and tick the following lines if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
O2 - BHO: (no name) - {b6913445-dff5-4a8a-8b0d-4e03f37a8dbf} - D:\WINDOWS\System32\4a8acfsb.dll
O3 - Toolbar: dcb6 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - (no file)
O4 - HKCU\..\Run: [Regscan] D:\WINDOWS\System32\regscan.exe
O23 - Service: 838D6A98 - Unknown owner - D:\WINDOWS\System32\838D6A98.EXE (file missing)
O23 - Service: jsefusf - Unknown owner - D:\WINDOWS\System32\jsefusf.exe (file missing)
O23 - Service: System Local Kernel Service (kernel) - Unknown owner - D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\Y3qiXLp9Rv.exe
O23 - Service: Microsoft Update Service (MOBILL) - Unknown owner - D:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Windows User Mode Driver (UMWdfmgr) - Unknown owner - rundll32.exe (file missing)

Close all programs and the browser, and click Fix Checked

- launch Pocket Killbox
--- choose the Delete on Reboot option
--- copy the list of files to delete below (Ctrl-C) and use File / Paste from Clipboard
D:\WINDOWS\System32\4a8acfsb.dll
D:\WINDOWS\System32\regscan.exe
D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\Y3qiXLp9Rv.exe
* the "Single File" and "All Files" buttons become active, but "Single File" is selected by default.
You must then select (click) "All Files", otherwise only the first file in the list will be deleted.
--- check that all the files are registered, via the "Full Path of File to Delete" drop-down list
--- /!\ WARNING: if one or more ".dll" files are present in the list, put them at the top of the list and tick "Unregister .dll Before Deleting".
--- click the white cross on a red background (Delete File):

- "File will be Removed on Reboot, Do you want to reboot now?": answer YES if you are ready to proceed

If Pocket KillBox does not restart the PC, restart it yourself.

You can find a complete and detailed tutorial by Jesses here: http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

Post a new HijackThis log, then:

Please run an online scan here:
http://www.kaspersky.com/virusscanner
help tutorial here
http://www.malekal.com/scan_Av_en_ligne.html

See you.

Edited by regis56
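The Killbox step above relies on the "delete on reboot" mechanism built into Windows: a request made through MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT is stored as a pair of strings in the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, the source path in NT form (\??\D:\...) followed by a destination that is empty for a deletion, and the session manager processes the queue early in the next boot, before the DLL or service image can be loaded again. That is also why the post asks for the .dll to be unregistered before deletion: the COM registration has to be removed while the file is still on disk. Whether Killbox calls exactly that API is an assumption; the value layout is standard Windows behaviour and the reader can inspect it after queuing the files with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations`. The Python below is an added example, not part of the thread or of Killbox; it encodes the three files the helper listed the way the queue stores them and decodes the value back, in pairs, so that an empty destination is read as a delete rather than as the end of the list.

```python
r"""Added example, not from the thread: the on-disk layout of the Windows
PendingFileRenameOperations queue that "delete on reboot" tools rely on.
Pairs of NUL-terminated UTF-16LE strings: source in NT form (\??\D:\...),
then destination; an empty destination means delete, a leading '!' on the
destination means overwrite an existing target. The whole list ends with one
extra NUL. That Killbox uses MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) to fill
this value is an assumption; the value format itself is Windows behaviour."""

NT_PREFIX = "\\??\\"

# The three files the helper queued in Killbox (taken from the post above).
KILLBOX_FILES = [
    r"D:\WINDOWS\System32\4a8acfsb.dll",
    r"D:\WINDOWS\System32\regscan.exe",
    r"D:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\Y3qiXLp9Rv.exe",
]

def encode_pending_operations(ops):
    """ops: (source, destination_or_None) pairs -> REG_MULTI_SZ bytes (UTF-16LE)."""
    parts = []
    for src, dst in ops:
        parts.append(NT_PREFIX + src)
        # empty destination = delete; '!' + path = move and replace an existing file
        parts.append("" if dst is None else "!" + NT_PREFIX + dst)
    return ("".join(s + "\0" for s in parts) + "\0").encode("utf-16-le")

def strip_nt(path):
    """Drop the \\??\\ object-manager prefix for display."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def decode_pending_operations(blob):
    """Read the value the way the session manager does: strictly in pairs, so an
    empty destination is a delete and only a NUL where a source should start
    terminates the list."""
    text = blob.decode("utf-16-le")
    ops, pos = [], 0
    while pos < len(text) and text[pos] != "\0":
        src_end = text.index("\0", pos)
        dst_end = text.index("\0", src_end + 1)
        src, dst = text[pos:src_end], text[src_end + 1:dst_end]
        pos = dst_end + 1
        if dst == "":
            ops.append({"source": strip_nt(src), "target": None, "replace": False})
        else:
            ops.append({"source": strip_nt(src), "target": strip_nt(dst.lstrip("!")),
                        "replace": dst.startswith("!")})
    return ops

def queue_killbox_files():
    """The payload Killbox's list above would leave in the registry (delete-only)."""
    return encode_pending_operations([(p, None) for p in KILLBOX_FILES])
```

Decoding the real value on a machine is the post-reboot check a practitioner wants: if the three sources are still listed after the restart, the deletions did not run and the files need a second look.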
Posted

Hi!

It is doing very well; when I'm on IE there is no problem, no page opens by itself and the only toolbar I have is Google's!! Also, when the computer starts up Avast no longer reports any virus!

On the other hand, when I right-click on the empty space of the Google bar, I still have the option to add Dcb6, one of the problems there was earlier!
