
Posted

Good evening!

The script is ready, thanks to those who helped me out with it :P

Here is what you are going to do, please:

We are going to create a tool that modifies the registry to remove the traces of infection!

1/ Back up the registry

Click Start / Run

Type or copy/paste:

regedit /e Sav.reg

Click OK

The backup file is located here:

C:\Documents and Settings\Your session name\Sav.reg

2/ Create a Notepad file with the text found in the "code" area below (copy/paste, without the word "Code" => Careful: no blank line before REGEDIT4):

 

---code---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="%WINDIR%\\system32\\userinit.exe,"

---code---

 

 

- Save this file to: Desktop

- File name: %SYSTEMDRIVE%\restore.reg

- Type: All files

- Click Save

Then:

Print this page so that you can follow all the instructions during the procedure

1. Download The Avenger by Swandog46 to your Desktop.

  • Click Avenger.zip to open the file
  • Extract avenger.exe to your Desktop

2. Copy all the text in the box below: highlight it and press (Ctrl+C):
 

Drivers to unload:

ast

https

hidproc

bdwxbni

ffpbek

 

Registry values to delete:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | http://hao123.union123.com/index.htm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini | UserInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | 03465FF5-00AE-411a-9C34-960ED566EC03

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | DFCB34B6-902D-426E-AE2B-1B294AE19F4F

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | D:\Windows\System32\drivers\ttp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | sdafdsafds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | tcpipmon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | qfv4c3g7xm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 9cu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Regscan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | B7D3E479-CC68-42B5-A338-C6B1F168274C

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | init

 

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dad6277f-c7eb-4f7e-8b0d-4e03f37a8dbf}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE7C3CF0-4B15-11D1-ABED-709549C10000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFCB34B6-902D-426E-AE2B-1B294AE19F4F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA9295D9-42ED-4CE1-B2F5-AF6401111196}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7D3E479-CC68-42B5-A338-C6B1F168274C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers

 

 

Files to delete:

%WINDIR%\4y9s.dll

%WINDIR%\sclgntfys.dll

%SYSTEMDRIVE%\WINDOWS9xro366yo.dll

%WINDIR%\system32\winsys16_070221.dll

%WINDIR%\system32\cryptimg.dll

%WINDIR%\system32\4e64ntos.dll

%WINDIR%\system32\cnwin.dll

%WINDIR%\system32\drivers\__delete_on_reboot__r_e_s_t_o_r_e_._d_l_l_

%WINDIR%\system32\drivers\ast.sys

%WINDIR%\System32\drivers\restore.ini

%WINDIR%\System32\drivers\https.sys

%WINDIR%\system32\drivers\hidproc.sys

%WINDIR%\bar.exe

%WINDIR%\rising128.exe

%WINDIR%\system32\2100qqgm.exe

%WINDIR%\system32\cacheur.exe

%WINDIR%\system32\12.exe

%WINDIR%\system32\1010s.exe

%WINDIR%\system32\UniBar.exe

%WINDIR%\system32\bind_50099.exe~

%WINDIR%\system32\unsvchosts.exe

%WINDIR%\system32\aswBoot.exe

%WINDIR%\system32\mctet.dll

%WINDIR%\system32\umtcap.dll

%WINDIR%\system32\cnwin.dll

%WINDIR%\system32\4f7ecfsb.dll

%WINDIR%\system32\4e64ntos.dll

%WINDIR%\system32\ffudf.exe

%WINDIR%\system32\dufs1.exe

%WINDIR%\system32\dufs2.exe

%WINDIR%\system32\jsefusf.exe

%WINDIR%\system32\drivers\bdwxbni.sys

%WINDIR%\system32\drivers\ffpbek.sys

%WINDIR%\system32\advport.dll

%WINDIR%\system32\wbem\ocmor.dll

%WINDIR%\System32\tcpipmon.exe

%SYSTEMDRIVE%\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\n8JRjXqheJ_2002.dll

%APPDATA%\Fichiers communs\CPUSH\cpush0.dll

%WINDIR%\System32\drivers\ttp.exe

%WINDIR%\temp\162.exe

%APPDATA%\Fichiers communs\System\Updaterun.exe

%SYSTEMDRIVE%\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe

%WINDIR%\System32\AlxRes070221.exe

%WINDIR%\System32\scrsys070221.scr

%WINDIR%\System32\scrsys16_070221.scr

%WINDIR%\System32\winsys16_070221.dll

%WINDIR%\System32\winsys32_070221.dll

%WINDIR%\System32\winsys.ini

%SYSTEMDRIVE%\myplay.pif

%WINDIR%\SYSTEM32\RUNDLLFROMWIN2000.EXE

%WINDIR%\System32\regscan.exe

%WINDIR%\4y9s.dll

%SYSTEMDRIVE%\unwise.exe

%WINDIR%\System32\drivers\DJPXEKRXGMTBIP.DAT

%WINDIR%\sysinit.obi

%WINDIR%\bd9.exe

%WINDIR%\bd7.exe

%WINDIR%\bd5.exe

%WINDIR%\bd4.exe

%WINDIR%\bd3.exe

%SYSTEMDRIVE%\WINDOWS30.exe

%WINDIR%\100.exe

%WINDIR%\bd2.exe

%WINDIR%\bd3.exe

%WINDIR%\bd4.exe

%WINDIR%\bd5.exe

%WINDIR%\bd7.exe

%WINDIR%\bd9.exe

%WINDIR%\system32\1249.exe

%WINDIR%\system32\57sex109.exe

%WINDIR%\system32\ad2273.exe

%WINDIR%\system32\bind_50259.exe

%WINDIR%\system32\DIOVDJRYFMSAGN.EXE

%WINDIR%\system32\dodolook207.exe

%WINDIR%\system32\msmgrupdate.exe

%WINDIR%\system32\poptang.exe

%WINDIR%\system32\sofa020.exe

%WINDIR%\system32\zy0002.exe

%WINDIR%\system32\_msinst.exe

%WINDIR%\system32\1F8g8gk0g.dll

%WINDIR%\system32\GMTZG.DLL

%WINDIR%\system32\mshtmll.dll

%WINDIR%\system32\PVBJQXEL.DLL

%WINDIR%\system32\safobj32.dll

%WINDIR%\system32\VBHNTAHNUBI.DLL

%WINDIR%\system32\YEMUCJPWDKPW.DLL

%WINDIR%\system32\AdCache

%WINDIR%\ndpQO.exe

 

 

Folders to delete:

%APPDATA%\superutilbar

%APPDATA%\fichiers communs\.

%APPDATA%\fichiers communs\..

%APPDATA%\Fichiers communs\CPUSH

%APPDATA%\fichiers communs\{589E5AE1-0640-1036-0820-040406110021}

%APPDATA%\.

%APPDATA%\..

%APPDATA%\²Æ¸»Í¨

%APPDATA%\SoftToolbar

%APPDATA%\TVAnts

 

programs to launch on reboot:

%systemdrive%\restore.reg

 

Note: The code above was written specifically for THIS user.

If you are not THIS user, do NOT apply these instructions: they could damage your system.

 

3. Now launch The Avenger by clicking its icon on the Desktop.

  • Under "Script file to execute" choose "Input Script Manually".
  • Then click the magnifying-glass icon, which opens a new "View/edit script" window
  • In that window, paste the text previously copied on the desktop using (Ctrl+V).
  • Click Done
  • Then click the green traffic light icon to start running the script
  • Answer "Yes" twice when asked.

4. The Avenger will automatically do the following:

  • It will restart the system. (When the script contains one or more "Drivers to Unload", The Avenger will restart your system twice.)
  • At the prompt "do you really want to add the information contained in restore.reg to the registry", answer Yes
  • During the restart, a black Windows command window will appear briefly on your desktop; this is NORMAL.
  • After the restart, it creates a log file that will open, showing the actions performed by The Avenger. This log file is located here: C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them and moved the zip archive here: C:\avenger\backup.zip.

5. Finally, copy/paste the contents of the file c:\avenger.txt into your reply, together with a new HijackThis log, using REPLY

See you.
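Step 5 asks for the contents of C:\avenger.txt; the following is an added example (not part of the original post and not The Avenger's own code) that sorts each outcome in such a log by its NTSTATUS code, so that items that were simply absent are separated from script lines that need correcting. The function names, bucket labels and sample log are constructed for illustration in the format of the log posted in this thread; the status names are Microsoft's published NTSTATUS values.

```python
import re
from collections import defaultdict

# NTSTATUS values (ntstatus.h) mapped to a triage bucket. Bucket labels are
# this example's own naming, not anything The Avenger prints.
NTSTATUS = {
    0xC0000033: ("STATUS_OBJECT_NAME_INVALID", "invalid_entry"),    # e.g. "." or ".."
    0xC0000034: ("STATUS_OBJECT_NAME_NOT_FOUND", "absent"),         # target not there
    0xC000003A: ("STATUS_OBJECT_PATH_NOT_FOUND", "bad_path"),       # a parent dir is missing
    0xC00000BA: ("STATUS_FILE_IS_A_DIRECTORY", "wrong_section"),    # folder under "Files to delete"
}
OK_RE = re.compile(r"^(File|Folder|Registry key|Registry value) (.+) deleted successfully\.$")
FAIL_RE = re.compile(
    r"^(?:Deletion of (file|folder|registry key|registry value)|Unload of (driver)) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")

def parse_avenger_log(text):
    """Return one record per script-line outcome found in an Avenger log."""
    records, removed, pending = [], set(), None

    def close(status):
        name, bucket = NTSTATUS.get(status, ("unknown or missing status", "other"))
        # "Not found" right after a successful delete of the same path means
        # the script listed that line twice; nothing is left to investigate.
        if bucket == "absent" and pending["target"].lower() in removed:
            bucket = "duplicate_line"
        records.append({**pending, "status": status, "name": name, "bucket": bucket})

    for raw in text.splitlines():
        line = raw.replace("\xa0", " ").strip()   # forum pastes carry NBSP-only lines
        ok, fail, status = OK_RE.match(line), FAIL_RE.match(line), STATUS_RE.match(line)
        if ok:
            removed.add(ok.group(2).lower())
            records.append({"kind": ok.group(1).lower(), "target": ok.group(2),
                            "status": 0, "name": "STATUS_SUCCESS", "bucket": "removed"})
        elif fail:
            if pending:                            # previous failure had no Status line
                close(None)
            pending = {"kind": fail.group(1) or fail.group(2), "target": fail.group(3)}
        elif status and pending:
            close(int(status.group(1), 16))
            pending = None
    if pending:                                    # log cut off before the Status line
        close(None)
    return records

def triage(records):
    """Group targets by bucket."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[rec["bucket"]].append(rec["target"])
    return dict(buckets)

def needs_follow_up(records):
    """Outcomes that point at a script error rather than an absent item."""
    return [r for r in records
            if r["bucket"] in ("bad_path", "invalid_entry", "wrong_section", "other")]

# Constructed sample in the log's format; every name below is made up.
SAMPLE_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Registry key \Registry\Machine\System\CurrentControlSet\Services\sampledrv not found!
Unload of driver sampledrv failed!
Could not process line:
sampledrv
Status: 0xc0000034
File C:\WINDOWS\sample_a.exe deleted successfully.
File C:\WINDOWS\sample_b.dll not found!
Deletion of file C:\WINDOWS\sample_b.dll failed!
Could not process line:
C:\WINDOWS\sample_b.dll
Status: 0xc0000034
File C:\WINDOWS\sample_a.exe not found!
Deletion of file C:\WINDOWS\sample_a.exe failed!
Status: 0xc0000034
Could not open file C:\Documents and Settings\User\Application Data\NoDir\sample_c.dll for deletion
Deletion of file C:\Documents and Settings\User\Application Data\NoDir\sample_c.dll failed!
Status: 0xc000003a
Error: C:\WINDOWS\system32\SampleDir is a folder, not a file!
Deletion of file C:\WINDOWS\system32\SampleDir failed!
Status: 0xc00000ba
Could not open folder C:\Documents and Settings\User\Application Data\. for deletion
Deletion of folder C:\Documents and Settings\User\Application Data\. failed!
Status: 0xc0000033
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|samplevalue failed!
Status: 0xc0000034
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sampleok deleted successfully.
"""

if __name__ == "__main__":
    recs = parse_avenger_log(SAMPLE_LOG)
    for bucket, targets in triage(recs).items():
        print(f"{bucket}: {len(targets)}")
    for rec in needs_follow_up(recs):
        print("check script line:", rec["kind"], rec["target"], rec["name"])
```
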

Posted

Here is the Avenger log

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\yqxpbnlx

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\vsoeomdl.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

 

 

Registry key \Registry\Machine\System\CurrentControlSet\Services\ast not found!

Unload of driver ast failed!

 

Could not process line:

ast

Status: 0xc0000034

 

 

 

Registry key \Registry\Machine\System\CurrentControlSet\Services\https not found!

Unload of driver https failed!

 

Could not process line:

https

Status: 0xc0000034

 

 

 

Registry key \Registry\Machine\System\CurrentControlSet\Services\hidproc not found!

Unload of driver hidproc failed!

 

Could not process line:

hidproc

Status: 0xc0000034

 

 

 

Registry key \Registry\Machine\System\CurrentControlSet\Services\bdwxbni not found!

Unload of driver bdwxbni failed!

 

Could not process line:

bdwxbni

Status: 0xc0000034

 

 

 

Registry key \Registry\Machine\System\CurrentControlSet\Services\ffpbek not found!

Unload of driver ffpbek failed!

 

Could not process line:

ffpbek

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client IP-IPX

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Local Kernel Service

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Logon

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows User Mode Driver

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers failed!

 

Could not process line:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysReplaceOldServers

Status: 0xc0000034

 

 

 

File C:\WINDOWS\4y9s.dll not found!

Deletion of file C:\WINDOWS\4y9s.dll failed!

 

Could not process line:

C:\WINDOWS\4y9s.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\sclgntfys.dll not found!

Deletion of file C:\WINDOWS\sclgntfys.dll failed!

 

Could not process line:

C:\WINDOWS\sclgntfys.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS9xro366yo.dll not found!

Deletion of file C:\WINDOWS9xro366yo.dll failed!

 

Could not process line:

C:\WINDOWS9xro366yo.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\winsys16_070221.dll not found!

Deletion of file C:\WINDOWS\system32\winsys16_070221.dll failed!

 

Could not process line:

C:\WINDOWS\system32\winsys16_070221.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\cryptimg.dll not found!

Deletion of file C:\WINDOWS\system32\cryptimg.dll failed!

 

Could not process line:

C:\WINDOWS\system32\cryptimg.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\4e64ntos.dll not found!

Deletion of file C:\WINDOWS\system32\4e64ntos.dll failed!

 

Could not process line:

C:\WINDOWS\system32\4e64ntos.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\cnwin.dll not found!

Deletion of file C:\WINDOWS\system32\cnwin.dll failed!

 

Could not process line:

C:\WINDOWS\system32\cnwin.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\drivers\__delete_on_reboot__r_e_s_t_o_r_e_._d_l_l_ not found!

Deletion of file C:\WINDOWS\system32\drivers\__delete_on_reboot__r_e_s_t_o_r_e_._d_l_l_ failed!

 

Could not process line:

C:\WINDOWS\system32\drivers\__delete_on_reboot__r_e_s_t_o_r_e_._d_l_l_

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\drivers\ast.sys not found!

Deletion of file C:\WINDOWS\system32\drivers\ast.sys failed!

 

Could not process line:

C:\WINDOWS\system32\drivers\ast.sys

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\drivers\restore.ini not found!

Deletion of file C:\WINDOWS\System32\drivers\restore.ini failed!

 

Could not process line:

C:\WINDOWS\System32\drivers\restore.ini

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\drivers\https.sys not found!

Deletion of file C:\WINDOWS\System32\drivers\https.sys failed!

 

Could not process line:

C:\WINDOWS\System32\drivers\https.sys

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\drivers\hidproc.sys not found!

Deletion of file C:\WINDOWS\system32\drivers\hidproc.sys failed!

 

Could not process line:

C:\WINDOWS\system32\drivers\hidproc.sys

Status: 0xc0000034

 

 

 

File C:\WINDOWS\bar.exe not found!

Deletion of file C:\WINDOWS\bar.exe failed!

 

Could not process line:

C:\WINDOWS\bar.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\rising128.exe not found!

Deletion of file C:\WINDOWS\rising128.exe failed!

 

Could not process line:

C:\WINDOWS\rising128.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\2100qqgm.exe not found!

Deletion of file C:\WINDOWS\system32\2100qqgm.exe failed!

 

Could not process line:

C:\WINDOWS\system32\2100qqgm.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\cacheur.exe not found!

Deletion of file C:\WINDOWS\system32\cacheur.exe failed!

 

Could not process line:

C:\WINDOWS\system32\cacheur.exe

Status: 0xc0000034

 

File C:\WINDOWS\system32\12.exe deleted successfully.

File C:\WINDOWS\system32\1010s.exe deleted successfully.

 

 

File C:\WINDOWS\system32\UniBar.exe not found!

Deletion of file C:\WINDOWS\system32\UniBar.exe failed!

 

Could not process line:

C:\WINDOWS\system32\UniBar.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\bind_50099.exe~ not found!

Deletion of file C:\WINDOWS\system32\bind_50099.exe~ failed!

 

Could not process line:

C:\WINDOWS\system32\bind_50099.exe~

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\unsvchosts.exe not found!

Deletion of file C:\WINDOWS\system32\unsvchosts.exe failed!

 

Could not process line:

C:\WINDOWS\system32\unsvchosts.exe

Status: 0xc0000034

 

File C:\WINDOWS\system32\aswBoot.exe deleted successfully.

 

 

File C:\WINDOWS\system32\mctet.dll not found!

Deletion of file C:\WINDOWS\system32\mctet.dll failed!

 

Could not process line:

C:\WINDOWS\system32\mctet.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\umtcap.dll not found!

Deletion of file C:\WINDOWS\system32\umtcap.dll failed!

 

Could not process line:

C:\WINDOWS\system32\umtcap.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\cnwin.dll not found!

Deletion of file C:\WINDOWS\system32\cnwin.dll failed!

 

Could not process line:

C:\WINDOWS\system32\cnwin.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\4f7ecfsb.dll not found!

Deletion of file C:\WINDOWS\system32\4f7ecfsb.dll failed!

 

Could not process line:

C:\WINDOWS\system32\4f7ecfsb.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\4e64ntos.dll not found!

Deletion of file C:\WINDOWS\system32\4e64ntos.dll failed!

 

Could not process line:

C:\WINDOWS\system32\4e64ntos.dll

Status: 0xc0000034

 

File C:\WINDOWS\system32\ffudf.exe deleted successfully.

 

 

File C:\WINDOWS\system32\dufs1.exe not found!

Deletion of file C:\WINDOWS\system32\dufs1.exe failed!

 

Could not process line:

C:\WINDOWS\system32\dufs1.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\dufs2.exe not found!

Deletion of file C:\WINDOWS\system32\dufs2.exe failed!

 

Could not process line:

C:\WINDOWS\system32\dufs2.exe

Status: 0xc0000034

 

File C:\WINDOWS\system32\jsefusf.exe deleted successfully.

 

 

File C:\WINDOWS\system32\drivers\bdwxbni.sys not found!

Deletion of file C:\WINDOWS\system32\drivers\bdwxbni.sys failed!

 

Could not process line:

C:\WINDOWS\system32\drivers\bdwxbni.sys

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\drivers\ffpbek.sys not found!

Deletion of file C:\WINDOWS\system32\drivers\ffpbek.sys failed!

 

Could not process line:

C:\WINDOWS\system32\drivers\ffpbek.sys

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\advport.dll not found!

Deletion of file C:\WINDOWS\system32\advport.dll failed!

 

Could not process line:

C:\WINDOWS\system32\advport.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\system32\wbem\ocmor.dll not found!

Deletion of file C:\WINDOWS\system32\wbem\ocmor.dll failed!

 

Could not process line:

C:\WINDOWS\system32\wbem\ocmor.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\tcpipmon.exe not found!

Deletion of file C:\WINDOWS\System32\tcpipmon.exe failed!

 

Could not process line:

C:\WINDOWS\System32\tcpipmon.exe

Status: 0xc0000034

 

 

 

Could not open file C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\n8JRjXqheJ_2002.dll for deletion

Deletion of file C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\n8JRjXqheJ_2002.dll failed!

 

Could not process line:

C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\n8JRjXqheJ_2002.dll

Status: 0xc000003a

 

 

 

Could not open file C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\CPUSH\cpush0.dll for deletion

Deletion of file C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\CPUSH\cpush0.dll failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\CPUSH\cpush0.dll

Status: 0xc000003a

 

 

 

File C:\WINDOWS\System32\drivers\ttp.exe not found!

Deletion of file C:\WINDOWS\System32\drivers\ttp.exe failed!

 

Could not process line:

C:\WINDOWS\System32\drivers\ttp.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\temp\162.exe not found!

Deletion of file C:\WINDOWS\temp\162.exe failed!

 

Could not process line:

C:\WINDOWS\temp\162.exe

Status: 0xc0000034

 

 

 

Could not open file C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\System\Updaterun.exe for deletion

Deletion of file C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\System\Updaterun.exe failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\System\Updaterun.exe

Status: 0xc000003a

 

 

 

Could not open file C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe for deletion

Deletion of file C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe failed!

 

Could not process line:

C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\BkD1C4M4i3.exe

Status: 0xc000003a

 

 

 

File C:\WINDOWS\System32\AlxRes070221.exe not found!

Deletion of file C:\WINDOWS\System32\AlxRes070221.exe failed!

 

Could not process line:

C:\WINDOWS\System32\AlxRes070221.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\scrsys070221.scr not found!

Deletion of file C:\WINDOWS\System32\scrsys070221.scr failed!

 

Could not process line:

C:\WINDOWS\System32\scrsys070221.scr

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\scrsys16_070221.scr not found!

Deletion of file C:\WINDOWS\System32\scrsys16_070221.scr failed!

 

Could not process line:

C:\WINDOWS\System32\scrsys16_070221.scr

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\winsys16_070221.dll not found!

Deletion of file C:\WINDOWS\System32\winsys16_070221.dll failed!

 

Could not process line:

C:\WINDOWS\System32\winsys16_070221.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\winsys32_070221.dll not found!

Deletion of file C:\WINDOWS\System32\winsys32_070221.dll failed!

 

Could not process line:

C:\WINDOWS\System32\winsys32_070221.dll

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\winsys.ini not found!

Deletion of file C:\WINDOWS\System32\winsys.ini failed!

 

Could not process line:

C:\WINDOWS\System32\winsys.ini

Status: 0xc0000034

 

 

 

File C:\myplay.pif not found!

Deletion of file C:\myplay.pif failed!

 

Could not process line:

C:\myplay.pif

Status: 0xc0000034

 

 

 

File C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE not found!

Deletion of file C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE failed!

 

Could not process line:

C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE

Status: 0xc0000034

 

 

 

File C:\WINDOWS\System32\regscan.exe not found!

Deletion of file C:\WINDOWS\System32\regscan.exe failed!

 

Could not process line:

C:\WINDOWS\System32\regscan.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\4y9s.dll not found!

Deletion of file C:\WINDOWS\4y9s.dll failed!

 

Could not process line:

C:\WINDOWS\4y9s.dll

Status: 0xc0000034

 

File C:\unwise.exe deleted successfully.

File C:\WINDOWS\System32\drivers\DJPXEKRXGMTBIP.DAT deleted successfully.

File C:\WINDOWS\sysinit.obi deleted successfully.

File C:\WINDOWS\bd9.exe deleted successfully.

File C:\WINDOWS\bd7.exe deleted successfully.

File C:\WINDOWS\bd5.exe deleted successfully.

File C:\WINDOWS\bd4.exe deleted successfully.

File C:\WINDOWS\bd3.exe deleted successfully.

 

 

File C:\WINDOWS30.exe not found!

Deletion of file C:\WINDOWS30.exe failed!

 

Could not process line:

C:\WINDOWS30.exe

Status: 0xc0000034

 

File C:\WINDOWS\100.exe deleted successfully.

File C:\WINDOWS\bd2.exe deleted successfully.

 

 

File C:\WINDOWS\bd3.exe not found!

Deletion of file C:\WINDOWS\bd3.exe failed!

 

Could not process line:

C:\WINDOWS\bd3.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\bd4.exe not found!

Deletion of file C:\WINDOWS\bd4.exe failed!

 

Could not process line:

C:\WINDOWS\bd4.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\bd5.exe not found!

Deletion of file C:\WINDOWS\bd5.exe failed!

 

Could not process line:

C:\WINDOWS\bd5.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\bd7.exe not found!

Deletion of file C:\WINDOWS\bd7.exe failed!

 

Could not process line:

C:\WINDOWS\bd7.exe

Status: 0xc0000034

 

 

 

File C:\WINDOWS\bd9.exe not found!

Deletion of file C:\WINDOWS\bd9.exe failed!

 

Could not process line:

C:\WINDOWS\bd9.exe

Status: 0xc0000034

 

File C:\WINDOWS\system32\1249.exe deleted successfully.

File C:\WINDOWS\system32\57sex109.exe deleted successfully.

File C:\WINDOWS\system32\ad2273.exe deleted successfully.

File C:\WINDOWS\system32\bind_50259.exe deleted successfully.

File C:\WINDOWS\system32\DIOVDJRYFMSAGN.EXE deleted successfully.

File C:\WINDOWS\system32\dodolook207.exe deleted successfully.

File C:\WINDOWS\system32\msmgrupdate.exe deleted successfully.

File C:\WINDOWS\system32\poptang.exe deleted successfully.

File C:\WINDOWS\system32\sofa020.exe deleted successfully.

File C:\WINDOWS\system32\zy0002.exe deleted successfully.

File C:\WINDOWS\system32\_msinst.exe deleted successfully.

File C:\WINDOWS\system32\1F8g8gk0g.dll deleted successfully.

File C:\WINDOWS\system32\GMTZG.DLL deleted successfully.

File C:\WINDOWS\system32\mshtmll.dll deleted successfully.

File C:\WINDOWS\system32\PVBJQXEL.DLL deleted successfully.

File C:\WINDOWS\system32\safobj32.dll deleted successfully.

File C:\WINDOWS\system32\VBHNTAHNUBI.DLL deleted successfully.

File C:\WINDOWS\system32\YEMUCJPWDKPW.DLL deleted successfully.

 

 

Error: C:\WINDOWS\system32\AdCache is a folder, not a file!

Deletion of file C:\WINDOWS\system32\AdCache failed!

 

Could not process line:

C:\WINDOWS\system32\AdCache

Status: 0xc00000ba

 

File C:\WINDOWS\ndpQO.exe deleted successfully.

 

 

Folder C:\Documents and Settings\Zerocool\Application Data\superutilbar not found!

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\superutilbar failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\superutilbar

Status: 0xc0000034

 

 

 

Could not open folder C:\Documents and Settings\Zerocool\Application Data\fichiers communs\. for deletion

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\fichiers communs\. failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\fichiers communs\.

Status: 0xc000003a

 

 

 

Could not open folder C:\Documents and Settings\Zerocool\Application Data\fichiers communs\.. for deletion

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\fichiers communs\.. failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\fichiers communs\..

Status: 0xc000003a

 

 

 

Could not open folder C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\CPUSH for deletion

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\CPUSH failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\Fichiers communs\CPUSH

Status: 0xc000003a

 

 

 

Could not open folder C:\Documents and Settings\Zerocool\Application Data\fichiers communs\{589E5AE1-0640-1036-0820-040406110021} for deletion

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\fichiers communs\{589E5AE1-0640-1036-0820-040406110021} failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\fichiers communs\{589E5AE1-0640-1036-0820-040406110021}

Status: 0xc000003a

 

 

 

Could not open folder C:\Documents and Settings\Zerocool\Application Data\. for deletion

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\. failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\.

Status: 0xc0000033

 

 

 

Could not open folder C:\Documents and Settings\Zerocool\Application Data\.. for deletion

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\.. failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\..

Status: 0xc0000033

 

 

 

Folder C:\Documents and Settings\Zerocool\Application Data\²Æ¸»Í¨ not found!

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\²Æ¸»Í¨ failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\²Æ¸»Í¨

Status: 0xc0000034

 

 

 

Folder C:\Documents and Settings\Zerocool\Application Data\SoftToolbar not found!

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\SoftToolbar failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\SoftToolbar

Status: 0xc0000034

 

 

 

Folder C:\Documents and Settings\Zerocool\Application Data\TVAnts not found!

Deletion of folder C:\Documents and Settings\Zerocool\Application Data\TVAnts failed!

 

Could not process line:

C:\Documents and Settings\Zerocool\Application Data\TVAnts

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main|http://hao123.union123.com/index.htm

Deletion of registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main|http://hao123.union123.com/index.htm failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|UserInit

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini|UserInit failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|03465FF5-00AE-411a-9C34-960ED566EC03

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|03465FF5-00AE-411a-9C34-960ED566EC03 failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|DFCB34B6-902D-426E-AE2B-1B294AE19F4F

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|DFCB34B6-902D-426E-AE2B-1B294AE19F4F failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|D:\Windows\System32\drivers\ttp.exe

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|D:\Windows\System32\drivers\ttp.exe failed!

Status: 0xc0000034

 

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sdafdsafds deleted successfully.

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tcpipmon

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tcpipmon failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|System

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|System failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qfv4c3g7xm

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qfv4c3g7xm failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9cu

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|9cu failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regscan

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regscan failed!

Status: 0xc0000034

 

 

 

Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|B7D3E479-CC68-42B5-A338-C6B1F168274C

Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|B7D3E479-CC68-42B5-A338-C6B1F168274C failed!

Status: 0xc0000034

 

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|init deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16} deleted successfully.

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} failed!

Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dad6277f-c7eb-4f7e-8b0d-4e03f37a8dbf} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dad6277f-c7eb-4f7e-8b0d-4e03f37a8dbf} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE7C3CF0-4B15-11D1-ABED-709549C10000} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE7C3CF0-4B15-11D1-ABED-709549C10000} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFCB34B6-902D-426E-AE2B-1B294AE19F4F} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFCB34B6-902D-426E-AE2B-1B294AE19F4F} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfys not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfys failed!

Status: 0xc0000034

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FA9295D9-42ED-4CE1-B2F5-AF6401111196} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7D3E479-CC68-42B5-A338-C6B1F168274C} deleted successfully.

Program C:\restore.reg successfully set up to run once on reboot.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 19:19:08, on 02/03/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\166.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Zerocool\Bureau\A ranger\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwww.cq223.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwww.cq223.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=%WINDIR%\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: sofa - {B7D3E479-CC68-42B5-A338-C6B1F168274C} - C:\Program Files\SoftToolbar\soft.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\²Æ¸»Í¨\caif.dll (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FC80CAE2-5754-4AE4-BF7D-91677E0C7955}: NameServer = 212.27.39.134

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SysReplaceOldServers (ReplaceOldServers) - Unknown owner - C:\Windows\system32\DIOVDJRYFMSAGN.EXE (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ·þÎñÃû (svcname) - Unknown owner - C:\WINDOWS\system32\166.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

 

 

 

There you go, thanks again :P

Posted

I no longer get the Chinese pages popping up at random; however, I get an error message at startup (I'll reboot to tell you exactly what it says) and I still have unknown processes when I press CTRL+ALT+DEL, but you've rid me of the most annoying part :P

Posted

Since I tried to reboot, I can no longer get into Windows: on restart I now reach the logon prompt (which I had previously disabled), and when I click the "icon" for my user name, Windows behaves as if it were logging off (loading your personal settings, logging off).

There, I hope you'll find a logical explanation and a solution for this :P

Posted (edited)

I don't get the "administrator" option; only my account is shown.

As for the repair, it's a laptop with Windows preinstalled, but I'll try inserting the Vaio CD they had me create when I got it. I'll keep you posted.

Edit: same thing in safe mode; whether it's admin or my account, it goes from loading personal settings to saving settings...

Edited by Zerocool81

Posted

Now I'm in a bit of a "mess", since the only thing I'm offered is a reinstall that restores the computer to its original state. Since I have fairly important data in "My Documents", I'm open to any other suggestion :P
