CurePCSolutions, adds .exe to files


JjJames


~~ edit by ipl_001: this discussion was split from http://forum.zebulon.fr/index.php?showtopic=111010

 

Hi, sorry but my French is not good enough to talk about this virus so I'll try it in English.

I have had the same problem as mentioned above. Only problem is that some important school files, movie files etc. have been renamed with the .exe.

And every time I opened IE6, I got a page called "blank.mht".

I had already found out that the file "1A9BDAF.dll" in my system32 file was causing most of this, so I renamed it to "xxxx1A9BDAF.dll".

(It was hidden; I found it by arranging all files by the date they were last changed, and that was the only file that was changed that day.)

And that was a success. No more blank.mht, no more error messages when using Shift or Ctrl. So that .dll file seems to cause most of that.

After I rebooted, I could just delete the dll file.

The only problem still remaining is if it is possible to reconvert the changed .exe to their original files.

I have about 3Gb of files that now have .exe extension.

Do you think it is possible?

I am thinking about installing the CorePCsolutions software on an old PC, and then try if I can convert them back with their software.

Thank you very much in advance

JjJames

PS: This seems to be a pretty new virus/spyware, not a lot about it on the internet, and the things you do find are from this month.


....

PS: Since I am as good at English as I am at computers, could you tell me what JjJames replied and whether what he says can help me! Thank you very much

No, I'm sorry, but I think I didn't say anything that can help you. I'll try in French.

I explained that I have the same problem as you. That is, the files being changed to xls.exe, avi.exe, etc... and the problem of the "blank.mht" page in Internet Explorer.

I found a .dll (1A9BDAF.dll) in c:/windows/system32 (it was hidden); it is like your F9428.ddl. I renamed this dll to "xxx1A9BDAF.dll" and after I did that, I deleted "black.mht" in c:/windows/. I changed my home page, and now I have no more problems with that. But I advise you not to do that, and to wait for an answer here, because I am not a specialist.

But the problem of my files remains (almost 3Gb). And I don't know whether I can repair them.

There, I hope you understand.

JjJames

Edited by JjJames

Hi JjJames, welcome to Zebulon :P

I am thinking about installing the CorePCsolutions software on an old PC, and then try if I can convert them back with their software.

Don't install this program, I think it's a rogue (a false antispyware program).

Can you please open a new topic and run a scan with HijackThis, then post the log? =>

  • Download HijackThis on your desktop > http://downloads.subratam.org/hijackthis.zip
  • Don’t hit Open, but Save as. Then navigate to your desktop, and hit Save. After downloading, minimize all windows until you’re on your desktop.
  • Now double-click on the zip file containing the HijackThis.exe file. Select the HijackThis.exe, and hit the combination Ctrl + C.
  • Minimize the zipfolder, and go to My Computer. Double-click on C:/, then double-click on Program Files.
  • In the menu bar you’ll find File. Click it, then choose New, and then Folder.
  • Call this folder HijackThis. Double-click to open this – new – folder.
  • Now use the combination Ctrl + V to paste the HijackThis.exe into this folder. Now close all other windows, and double-click on the HijackThis.exe in the folder you’ve just created.


Hi JjJames, welcome to Zebulon :P

Don't install this program, I think it's a rogue (a false antispyware program).

...

Hi, that's why I was thinking about installing it on an old PC. I know it's a false antispyware program, but maybe it can recover the files it killed.

But I'll open another topic with my log.


Hello,

Some spyware changed about 3GB of files into .exe, and simply renaming it doesn't help.

I had the same problem as described here:

http://forum.zebulon.fr/index.php?showtopic=111010&st=0

I explained that I have the same problem as you. That is, the files being changed to xls.exe, avi.exe, etc... and the problem of the "blank.mht" page in Internet Explorer.

I found a .dll (1A9BDAF.dll) in c:/windows/system32 (it was hidden); it is like your F9428.ddl. I renamed this dll to "xxx1A9BDAF.dll" and after I did that, I deleted "black.mht" in c:/windows/. I changed my home page, and now I have no more problems with that.

Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:44:51, on 16/12/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\System32\brsvc01a.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\System32\brss01a.exe

E:\WINDOWS\Explorer.EXE

E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

E:\Program Files\Microsoft ActiveSync\wcescomm.exe

E:\PROGRA~1\MICROS~2\rapimgr.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

E:\Program Files\MSN Messenger\msnmsgr.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = E:\WINDOWS\blank.mht

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = E:\WINDOWS\blank.mht

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = E:\WINDOWS\blank.mht

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: E:\WINDOWS\System32\1A9BDAF.dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - E:\WINDOWS\System32\1A9BDAF.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{8804FB52-7789-47B8-9A11-0B689603007D}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C3C5C1B-CE75-4A8C-9291-96D12B200435}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{D11A5074-21F9-4863-A76F-E0CB00718422}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C19F45-0E93-45CC-8C80-CD6C64B4FE6D}: NameServer = 198.231.24.102

O17 - HKLM\System\CS1\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102

O17 - HKLM\System\CS2\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe


Close Internet Explorer and any open windows and run HijackThis. Check the entries below and click on Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = E:\WINDOWS\blank.mht

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = E:\WINDOWS\blank.mht

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = E:\WINDOWS\blank.mht

 

O2 - BHO: E:\WINDOWS\System32\1A9BDAF.dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - E:\WINDOWS\System32\1A9BDAF.dll (file missing)

Then, please, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

 

Add to this log a fresh HijackThis log.

Sorry! I also would like you to download and run SmitFraudFix =>

 

Use this URL to download the latest version (the file contains both English and French versions):

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Double-click SmitfraudFix.exe

* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Edited by charles ingals
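As an added illustration (not part of the original posts and not HijackThis's own logic), the Python example below applies the reasoning behind the entries selected in the reply above to lines excerpted from the log posted in this thread: IE start/search pages that point at a local file, and BHOs whose DLL is missing, has no friendly name, or has a hex-looking file name. The rules and the names `triage_line` and `triage_log` are assumptions made for this example.

```python
import ntpath
import re

# Lines excerpted from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = E:\WINDOWS\blank.mht
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = E:\WINDOWS\blank.mht
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: E:\WINDOWS\System32\1A9BDAF.dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - E:\WINDOWS\System32\1A9BDAF.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# R0-R3 lines: "<code> - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(?P<code>R[0-3]) - (?P<key>.+?),(?P<name>[^=]+?) = (?P<value>.*)$")
# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
LOCAL_PATH = re.compile(r"^[A-Za-z]:\\")      # drive-letter path, not a URL
HEX_STEM = re.compile(r"^[0-9A-Fa-f]{5,8}$")  # assumption: short all-hex names look generated


def triage_line(line):
    """Return the reasons (possibly none) why a log line deserves a closer look."""
    reasons = []
    m = R_LINE.match(line)
    if m and LOCAL_PATH.match(m.group("value")):
        reasons.append("IE %s points at a local file" % m.group("name").strip())
    m = BHO_LINE.match(line)
    if m:
        path = m.group("path")
        stem = ntpath.splitext(ntpath.basename(path))[0]
        if m.group("missing"):
            reasons.append("BHO registered but DLL missing on disk")
        if m.group("name") == path:
            reasons.append("BHO has no friendly name")
        if HEX_STEM.match(stem):
            reasons.append("DLL name looks randomly generated")
    return reasons


def triage_log(text):
    """Return (line, reasons) for every line in the log that triggers a rule."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -> " + reason)
```

The heuristics only rank lines for human review; a flagged line is not proof of infection, and an unflagged one is not proof of a clean entry.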

uninstall list

 

µTorrent

Ad-Aware SE Personal

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Download Manager 2.0 (alleen verwijderen)

Adobe Flash Player 9 ActiveX

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader 7.0.8 - Nederlands

Adobe Stock Photos 1.0

Apple Software Update

Ares 1.9.0

AVG Free Edition

Battlefield 2

BfSV 0.85

Cisco Systems VPN Client 4.8.01.0300

Combined Community Codec Pack 2006-07-28 (Remove Only)

EVEREST Home Edition v2.20

GTA San Andreas

HijackThis 1.99.1

Hotfix for Windows XP (KB909394)

Image Resizer Powertoy for Windows XP

Indeo® Software

Microsoft .NET Framework 1.1

Microsoft ActiveSync 4.0

Microsoft Office FrontPage 2003

Microsoft Office Professional Editie 2003

Mozilla Firefox (1.5.0.:P

Nero 7 Demo

NVIDIA Drivers

NvMixer

PeerGuardian 2.0

QuickTime

SAS Learning Edition 2.0

SolidConverterPDF

Telemeter 3.5f

VideoLAN VLC media player 0.8.5

Winamp (remove only)

Windows Live Messenger

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB894476

WinRAR

Xfire (remove only)

 

Fresh Hijackthis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:24:25, on 16/12/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\System32\brsvc01a.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\System32\brss01a.exe

E:\WINDOWS\Explorer.EXE

E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

E:\Program Files\Microsoft ActiveSync\wcescomm.exe

E:\PROGRA~1\MICROS~2\rapimgr.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

E:\Program Files\MSN Messenger\msnmsgr.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Telemeter 3.0\Telemeter3.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{8804FB52-7789-47B8-9A11-0B689603007D}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C3C5C1B-CE75-4A8C-9291-96D12B200435}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{D11A5074-21F9-4863-A76F-E0CB00718422}: NameServer = 198.231.24.102

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C19F45-0E93-45CC-8C80-CD6C64B4FE6D}: NameServer = 198.231.24.102

O17 - HKLM\System\CS1\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102

O17 - HKLM\System\CS2\Services\Tcpip\..\{009A856C-37DB-4A4C-B80C-8651986985D2}: NameServer = 198.231.24.102

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - E:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

 

I have no more problems with that "black.mht" page, ever since I deleted the dll. But the files are still named .exe, and I can't change them.

Maybe I should not have deleted the .dll file?


Sorry JjJames! I added this to my last reply =>

 

Sorry ! I also would like you to download and run SmitFraudFix =>

 

Use this URL to download the latest version (the file contains both English and French versions):

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

* Double-click SmitfraudFix.exe

* Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Maybe I should not have deleted the .dll file?

I can't tell you yet! I need to find more info about that :P


smitfraudfix log

 

SmitFraudFix v2.130

 

Scan done at 17:42:14,98, za 16/12/2006

Run from E:\Documents and Settings\Frederick\Bureaublad\SmitfraudFix

OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Frederick

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Frederick\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\FREDER~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Mijn huidige introductiepagina"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{947254B5-96F3-4A9D-FF34-8466477D897C}"="Printer driver"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End


OK! We are going to scan your computer with AVG AS.

Print this topic if necessary; it will make it easier for you to follow the instructions and complete all of the steps.

 

Download ATF Cleaner to your desktop.

 

Download, install, and update AVG Anti-Spyware 7.5

  1. Save the installer to desktop
  2. Double click the installer, select your language, and then select OK
  3. Click NEXT>>Select I Agree>>>NEXT>>>INSTALL
  4. AVG will now install and afterwards click FINISH
  5. AVG Anti-Spyware 7.5 should now Load
  6. Click the Update tab at the top. Under Manual Update click Start update.
  7. After the update finishes (the status bar at the bottom will display "Update successful")
  8. Close AVG Anti-Spyware 7.5. Do not run it yet.

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears.

Sign in with your normal user account

 

Once in safe mode:

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.

If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

  • Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and
    Uncheck "Only if Threats are found"
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot your computer and, please, submit AVG AS's log in your next reply :P

Edited by charles ingals