
Posted

Re, thanks for your help.

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 10:30:37 26/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\awvtt.dll

C:\WINDOWS\system32\ttvwa.bak1

C:\WINDOWS\system32\ttvwa.bak2

C:\WINDOWS\system32\ttvwa.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\awvtt.dll

C:\WINDOWS\system32\awvtt.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttvwa.bak1

C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttvwa.bak2

C:\WINDOWS\system32\ttvwa.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttvwa.ini

C:\WINDOWS\system32\ttvwa.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:23:02 26/08/2007

 

Listing files found while scanning....

 

C:\windows\system32\ftinspxg.exe

C:\windows\system32\maxjdmjb.dll

C:\WINDOWS\system32\mlnmp.bak1

C:\WINDOWS\system32\mlnmp.bak2

C:\WINDOWS\system32\mlnmp.ini

C:\WINDOWS\system32\pmnlm.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\ftinspxg.exe

C:\windows\system32\ftinspxg.exe Has been deleted!

 

Attempting to delete C:\windows\system32\maxjdmjb.dll

C:\windows\system32\maxjdmjb.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlnmp.bak1

C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlnmp.bak2

C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlnmp.ini

C:\WINDOWS\system32\mlnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnlm.dll

C:\WINDOWS\system32\pmnlm.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 17:37:16 26/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\cfhkj.bak1

C:\WINDOWS\system32\cfhkj.ini

C:\WINDOWS\system32\jkhfc.dll

C:\windows\system32\mgcenlry.exe

C:\windows\system32\ustvytly.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\cfhkj.bak1

C:\WINDOWS\system32\cfhkj.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\cfhkj.ini

C:\WINDOWS\system32\cfhkj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jkhfc.dll

C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\mgcenlry.exe

C:\windows\system32\mgcenlry.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ustvytly.dll

C:\windows\system32\ustvytly.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\jkhfc.dll

C:\WINDOWS\system32\jkhfc.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 18:51:55 26/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\kjllm.bak1

C:\WINDOWS\system32\kjllm.ini

C:\WINDOWS\system32\mlljk.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\kjllm.bak1

C:\WINDOWS\system32\kjllm.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\kjllm.ini

C:\WINDOWS\system32\kjllm.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlljk.dll

C:\WINDOWS\system32\mlljk.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:32:44 30/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\jkkll.dll

C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\jkkll.dll

C:\WINDOWS\system32\jkkll.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llkkj.ini

C:\WINDOWS\system32\llkkj.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:43:12 30/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\rrutv.bak1

C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\vturr.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\rrutv.bak1

C:\WINDOWS\system32\rrutv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\rrutv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vturr.dll

C:\WINDOWS\system32\vturr.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\vturr.dll

C:\WINDOWS\system32\vturr.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:50:50 30/08/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:58:44 30/08/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 18:54:42 30/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\prutv.bak1

C:\WINDOWS\system32\prutv.ini

C:\WINDOWS\system32\vturp.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\prutv.bak1

C:\WINDOWS\system32\prutv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\prutv.ini

C:\WINDOWS\system32\prutv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vturp.dll

C:\WINDOWS\system32\vturp.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

On the other hand, I no longer get windows popping up.

Posted

Re,

Boot into Safe Mode.

Reuse the reg file we created earlier (fixme.reg).

  • Double-click OTMoveIt.exe to launch it.
  • Copy the paths of the following files by selecting ALL of them and pressing CTRL+C (or, after selecting them, right-click and choose Copy):

C:\WINDOWS\system32\yeppeljd.exe

C:\WINDOWS\system32\nnnkhfe.dll

  • Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt.
    Note: If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the process. If so, choose Yes.

Post me the OTMoveIt report, available here: C:\_OTMoveIt\MovedFiles.

Posted

C:\WINDOWS\system32\yeppeljd.exe moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnkhfe.dll

C:\WINDOWS\system32\nnnkhfe.dll NOT unregistered.

File move failed. C:\WINDOWS\system32\nnnkhfe.dll scheduled to be moved on reboot.

 

Created on 08/30/2007 19:15:44

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:22:01, on 30/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A} - C:\WINDOWS\system32\vtutu.dll

O2 - BHO: (no name) - {38916424-DD75-4DDB-8335-79DF03A5E9C3} - C:\WINDOWS\system32\vturp.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: nnnkhfe - C:\WINDOWS\SYSTEM32\nnnkhfe.dll

O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

 

 

 

On the other hand, I am getting lots of intrusion alerts blocked by Sunbelt.

Posted

Deckard's System Scanner v20070826.66

Run by jeremy on 2007-08-30 19:23:28

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as jeremy.exe) ----------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 19:23:34, on 30/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\jeremy\Bureau\dss.exe

C:\PROGRA~1\HIJACK~1\jeremy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A} - C:\WINDOWS\system32\vtutu.dll

O2 - BHO: (no name) - {38916424-DD75-4DDB-8335-79DF03A5E9C3} - C:\WINDOWS\system32\vturp.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: nnnkhfe - C:\WINDOWS\SYSTEM32\nnnkhfe.dll

O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

 

 

-- Files created between 2007-07-30 and 2007-08-30 -----------------------------

 

2007-08-30 19:05:07 6448 ---hs---- C:\WINDOWS\system32\ututv.bak1

2007-08-30 19:05:00 298080 --a------ C:\WINDOWS\system32\vtutu.dll

2007-08-30 18:37:14 0 d-------- C:\Program Files\Sunbelt Software

2007-08-30 15:31:31 0 d-------- C:\Documents and Settings\jeremy\Application Data\Grisoft

2007-08-30 15:31:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-08-30 13:51:33 0 d-------- C:\!KillBox

2007-08-30 13:34:09 0 d-------- C:\Program Files\Navilog1

2007-08-27 22:19:53 0 d-------- C:\Program Files\Picasa2

2007-08-26 20:24:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-08-26 16:47:40 0 d-------- C:\Documents and Settings\jeremy\.housecall6.6

2007-08-26 16:45:57 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>

2007-08-26 16:45:57 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>

2007-08-26 16:45:56 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>

2007-08-26 10:30:37 0 d-------- C:\VundoFix Backups

2007-08-25 18:48:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-08-25 18:39:40 0 d-------- C:\Program Files\Lavasoft

2007-08-24 14:38:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\Creative

2007-08-24 12:48:59 0 d-------- C:\WINDOWS\system32\NtmsData

2007-08-24 12:27:41 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>

2007-08-24 12:27:41 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>

2007-08-24 12:23:12 38402 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>

2007-08-24 12:20:09 0 d-------- C:\Program Files\Creative

2007-08-23 21:25:04 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll

2007-08-22 17:12:27 0 dr-h----- C:\Documents and Settings\jeremy\Application Data\SecuROM

2007-08-22 17:12:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

2007-08-22 17:08:37 0 d-------- C:\Program Files\Ubisoft

2007-08-22 17:00:50 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-08-16 16:32:42 0 d-------- C:\Program Files\MSXML 6.0

2007-08-12 20:30:58 102400 --a------ C:\WINDOWS\system32\CmutEuro32.dll <Not Verified; Euro Information; Librairie Europe commune Crédit Mutuel et CIC>

2007-08-12 20:30:58 176128 --a------ C:\WINDOWS\calceuro.exe <Not Verified; Euro-Information; CALCEURO>

2007-08-12 20:30:56 0 d-------- C:\Program Files\CyberMUT

2007-08-12 20:28:04 0 d-------- C:\Documents and Settings\jeremy\Application Data\Grisbi

2007-08-05 14:44:46 0 d-------- C:\Documents and Settings\jeremy\Application Data\uTorrent

2007-08-02 19:41:09 37027 --a------ C:\WINDOWS\atmoUn.exe

2007-08-02 19:41:07 0 d-------- C:\Program Files\Viewpoint

2007-08-02 19:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint

2007-08-01 19:08:55 0 d-------- C:\Documents and Settings\jeremy\Application Data\MySpace

2007-08-01 19:08:52 0 d-------- C:\Program Files\MySpace

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-08-30 19:23:24 0 d-------- C:\Program Files\Wanadoo

2007-08-27 22:20:04 0 d-------- C:\Program Files\Google

2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs

2007-08-26 19:24:27 506796 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-08-26 19:24:27 84354 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-08-26 12:40:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\dvdcss

2007-08-24 12:30:25 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-08-16 23:31:34 0 d-------- C:\Documents and Settings\jeremy\Application Data\AdobeUM

2007-07-28 10:06:40 0 d-------- C:\Documents and Settings\jeremy\Application Data\Serif

2007-07-26 20:14:23 30720 --a------ C:\WINDOWS\6816White12.dat

2007-07-26 20:14:23 4 --a------ C:\WINDOWS\6816Error.dat

2007-07-26 20:14:19 30720 --a------ C:\WINDOWS\6816Dark12.dat

2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Offset.dat

2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Gain.dat

2007-07-26 20:14:15 6 --a------ C:\WINDOWS\6816Exposure.dat

2007-07-22 16:32:49 0 d-------- C:\Program Files\TagRename

2007-07-22 16:17:38 0 d-------- C:\Program Files\Free Audio Pack

2007-07-15 22:09:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\EoRezo

2007-07-15 22:05:53 0 d-------- C:\Documents and Settings\jeremy\Application Data\ItsLabel

2007-07-13 23:03:49 0 d-------- C:\Program Files\Windows Media Connect 2

2007-07-13 21:28:19 0 d-------- C:\Program Files\Messenger Plus! Live

2007-07-13 21:28:18 0 d-------- C:\Program Files\Windows Live

2007-07-13 21:28:18 0 d-------- C:\Program Files\MSN Messenger

2007-07-02 07:56:03 0 d-------- C:\Program Files\Winamp

2007-06-17 22:20:31 79 --a------ C:\WINDOWS\system32\netwbix32.dll

2007-06-15 23:50:21 1277 --a------ C:\WINDOWS\mozver.dat

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A}]

30/08/2007 19:05 298080 --a------ C:\WINDOWS\system32\vtutu.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38916424-DD75-4DDB-8335-79DF03A5E9C3}]

C:\WINDOWS\system32\vturp.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60D13203-2DC3-4E31-8909-E70BEC38D9F8}]

23/08/2007 21:25 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 13:26]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28/07/2007 00:03]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 17:09]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/02/2007 19:30]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [07/07/2006 18:45]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [23/08/2004 14:50]

"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [17/08/2007 22:48]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 06:37:56]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [12/02/2007 19:30:42]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [26/06/2007 22:36:46]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{60D13203-2DC3-4E31-8909-E70BEC38D9F8}"= C:\WINDOWS\system32\nnnkhfe.dll [23/08/2007 21:25 43542]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkhfe]

nnnkhfe.dll 23/08/2007 21:25 43542 C:\WINDOWS\system32\nnnkhfe.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]

C:\WINDOWS\system32\vtutu.dll 30/08/2007 19:05 298080 C:\WINDOWS\system32\vtutu.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-08-30 19:25:33 ------------

Posted

Re,

Please run VundoFix once more, then post the report.

1/ Download Silent Runners: http://www.silentrunners.org/Silent%20Runners.vbs

(right-click the link, then "Save Target As")

2/ Disconnect from the internet and close all running applications.

3/ Run Silent Runners and let it work. When it has finished scanning, a message will notify you and a new text file will be created. Open that text file and paste the entire report.

Download RegSearch.exe (Registry Search by Bobbi Flekman) -> http://www.bleepingcomputer.com/files/misc/RegSearch.zip

- Unzip it into a dedicated directory such as C:\Program Files

- Double-click RegSearch.exe

- Copy and paste nnnkhfe.dll into the first line of the search box

- Click OK

- After the search, Notepad opens a "RegSearch.txt" window listing every instance found

- The file is also saved in the same directory as RegSearch

- Copy and paste the contents of the window into a post, here

- Close Notepad

- Close RegSearch with Cancel

Posted

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 10:30:37 26/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\awvtt.dll

C:\WINDOWS\system32\ttvwa.bak1

C:\WINDOWS\system32\ttvwa.bak2

C:\WINDOWS\system32\ttvwa.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\awvtt.dll

C:\WINDOWS\system32\awvtt.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttvwa.bak1

C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttvwa.bak2

C:\WINDOWS\system32\ttvwa.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttvwa.ini

C:\WINDOWS\system32\ttvwa.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:23:02 26/08/2007

 

Listing files found while scanning....

 

C:\windows\system32\ftinspxg.exe

C:\windows\system32\maxjdmjb.dll

C:\WINDOWS\system32\mlnmp.bak1

C:\WINDOWS\system32\mlnmp.bak2

C:\WINDOWS\system32\mlnmp.ini

C:\WINDOWS\system32\pmnlm.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\ftinspxg.exe

C:\windows\system32\ftinspxg.exe Has been deleted!

 

Attempting to delete C:\windows\system32\maxjdmjb.dll

C:\windows\system32\maxjdmjb.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlnmp.bak1

C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlnmp.bak2

C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlnmp.ini

C:\WINDOWS\system32\mlnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnlm.dll

C:\WINDOWS\system32\pmnlm.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 17:37:16 26/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\cfhkj.bak1

C:\WINDOWS\system32\cfhkj.ini

C:\WINDOWS\system32\jkhfc.dll

C:\windows\system32\mgcenlry.exe

C:\windows\system32\ustvytly.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\cfhkj.bak1

C:\WINDOWS\system32\cfhkj.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\cfhkj.ini

C:\WINDOWS\system32\cfhkj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jkhfc.dll

C:\WINDOWS\system32\jkhfc.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\mgcenlry.exe

C:\windows\system32\mgcenlry.exe Has been deleted!

 

Attempting to delete C:\windows\system32\ustvytly.dll

C:\windows\system32\ustvytly.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\jkhfc.dll

C:\WINDOWS\system32\jkhfc.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 18:51:55 26/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\kjllm.bak1

C:\WINDOWS\system32\kjllm.ini

C:\WINDOWS\system32\mlljk.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\kjllm.bak1

C:\WINDOWS\system32\kjllm.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\kjllm.ini

C:\WINDOWS\system32\kjllm.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlljk.dll

C:\WINDOWS\system32\mlljk.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:32:44 30/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\jkkll.dll

C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\jkkll.dll

C:\WINDOWS\system32\jkkll.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llkkj.bak1

C:\WINDOWS\system32\llkkj.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llkkj.bak2

C:\WINDOWS\system32\llkkj.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llkkj.ini

C:\WINDOWS\system32\llkkj.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:43:12 30/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\rrutv.bak1

C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\vturr.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\rrutv.bak1

C:\WINDOWS\system32\rrutv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\rrutv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vturr.dll

C:\WINDOWS\system32\vturr.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\vturr.dll

C:\WINDOWS\system32\vturr.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:50:50 30/08/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 14:58:44 30/08/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 18:54:42 30/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\prutv.bak1

C:\WINDOWS\system32\prutv.ini

C:\WINDOWS\system32\vturp.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\prutv.bak1

C:\WINDOWS\system32\prutv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\prutv.ini

C:\WINDOWS\system32\prutv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vturp.dll

C:\WINDOWS\system32\vturp.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.7

 

Checking Java version...

 

Scan started at 20:14:37 30/08/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\ututv.bak1

C:\WINDOWS\system32\ututv.ini

C:\WINDOWS\system32\vtutu.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ututv.bak1

C:\WINDOWS\system32\ututv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ututv.ini

C:\WINDOWS\system32\ututv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtutu.dll

C:\WINDOWS\system32\vtutu.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

Posted

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]

"SuperCopier2.exe" = "C:\Program Files\SuperCopier2\SuperCopier2.exe" ["SFX TEAM"]

"WOOKIT" = "C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx" [empty string]

"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]

"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\vtutu.dll" [file not found]

{38916424-DD75-4DDB-8335-79DF03A5E9C3}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\vturp.dll" [file not found]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

{60D13203-2DC3-4E31-8909-E70BEC38D9F8}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkhfe.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mes dossiers de partage"

\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"

-> {HKLM...CLSID} = "LogiExt Class"

\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."]

"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"

-> {HKLM...CLSID} = "KbLogiExt Class"

\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{23F0DC38-DC86-49D6-81EC-40C54A204212}" = "Zen Nano Plus Media Explorer"

-> {HKLM...CLSID} = "Zen Nano Plus Media Explorer"

\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Nano Plus\CTMvns.dll" ["Creative Technology Ltd"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

<<!>> "{60D13203-2DC3-4E31-8909-E70BEC38D9F8}" = "°c"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkhfe.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\System\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> nnnkhfe\DLLName = "nnnkhfe.dll" [null data]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"

-> {HKLM...CLSID} = "Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Group Policies {policy setting}:

--------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{Prevent access to registry editing tools}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\jeremy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "jeremy" & "All Users" startup folders:

--------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]

"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]

"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

 

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]

EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]

France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]

Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Sunbelt Personal Firewall 4, SPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]

EPSON V3 2KMonitor300\Driver = "E_SL2300.DLL" ["SEIKO EPSON CORPORATION"]

 

 

---------- (launch time: 2007-08-30 20:23:13)

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 54 seconds, including 10 seconds for message boxes)

 

 

I'm continuing with the procedure.

Posted (edited)

REGEDIT4

 

; Registry Search by Bobbi Flekman © 2005

; Version: 1.0.2.4

 

; Results at 30/08/2007 20:27:37 for strings:

; 'nnnkhfe.dll'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D13203-2DC3-4E31-8909-E70BEC38D9F8}\InprocServer32]

@="C:\\WINDOWS\\system32\\nnnkhfe.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkhfe]

"DllName"="nnnkhfe.dll"

 

; End Of The Log...

 

And there you go, what's next? :P

By the way, when you say to close all applications, do you also mean, for example, avast, SuperCopier, Logitech and so on, that is, the programs that appear next to the clock?

Edited by microgolgi

Posted (edited)

Re,

Run VundoFix, then right-click in the white box and left-click on "add more files?"

In the first line, copy and paste:

C:\WINDOWS\system32\nnnkhfe.dll

Then click:

"add files", then "Close Window", and finally "Remove Vundo"

If the tool asks you to restart, accept.

Then copy and paste the report C:\vundofix.txt

Edited by bruce lee
