HijackThis log, your opinion on 2 lines please - Security - Windows & Software
Marsh Posté on 20-01-2006 at 14:53:43
The O17 looks like the Wanadoo DNS servers.
No idea about the O20; this time I have policies with a different dll...
Is that normal?
Marsh Posté on 20-01-2006 at 20:50:37
Good evening,
Download L2mfix (by Shadowwar) from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save it to your Desktop and double-click l2mfix.exe. Click the Install button to extract its contents and follow the prompts, then open the new "l2mfix" folder on the Desktop. Double-click l2mfix.bat and choose option #1, Run Find Log, by typing 1 and then pressing Enter. The scan will start without showing any progress, then, after a minute or two, a text file will appear. Copy/paste the contents of this report ("report.txt") into your next reply.
IMPORTANT: do NOT run option #2 OR any other files in the "l2mfix" folder without a helper's advice!
However, if an error similar to this one appears when you run option #1: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.." ...then use option #5 or the web link provided in the "l2mfix" folder to resolve this error. Do not run any other options until this problem has been fixed.
Marsh Posté on 20-01-2006 at 22:30:32
Stoneangel is an angel! He finds all the answers! ;-)
Marsh Posté on 21-01-2006 at 13:23:59
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j6n2lg5o16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{693C9C67-115B-C518-34E9-BB767CEE4B0C}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de proprits du fichier multimdia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de scurit NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des proprits de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de scurit DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donnes endommages de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets rseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de scurit des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions rseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions rseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interprteur de commandes pour l'environnement d'excution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donnes Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tches planifies"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tches et menu Dmarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Excuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du tlchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intgr de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Bote d'entre de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalise MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de dmarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="numrateur d'applications installes"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de rsum (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}"=""
"{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}"=""
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chane"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chane"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1B638B2E-9DEA-4B1B-856F-BEA02D249944}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\vbrifier.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\InprocServer32]
@="C:\\WINDOWS\\system32\\LigitCheckControl.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\InprocServer32]
@="C:\\WINDOWS\\system32\\kudhu.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
cddbco~1.dll Wed 7 Dec 2005 11:29:18 A.... 643 072 628,00 K
cddbui~1.dll Wed 7 Dec 2005 11:30:34 A.... 770 048 752,00 K
connapi.dll Tue 29 Nov 2005 12:49:54 A.... 246 272 240,50 K
cvetcfg.dll Thu 19 Jan 2006 0:01:04 A.S.R 235 647 230,12 K
daapi.dll Mon 28 Nov 2005 9:08:32 A.... 115 712 113,00 K
dvdskmgr.dll Wed 18 Jan 2006 23:55:10 A.S.R 235 647 230,12 K
fpjm03~1.dll Sat 21 Jan 2006 12:50:34 ..S.R 233 989 228,50 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126 680 123,71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95 448 93,21 K
gdi32.dll Mon 2 Jan 2006 23:39:04 A.... 260 608 254,50 K
gp64l3~1.dll Thu 19 Jan 2006 13:48:22 A.S.R 235 082 229,57 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117 976 115,21 K
iossvcs.dll Thu 19 Jan 2006 0:26:26 A.S.R 235 333 229,82 K
iwxwan.dll Thu 19 Jan 2006 16:57:52 A.S.R 233 948 228,46 K
j6n2lg~1.dll Fri 20 Jan 2006 22:37:30 ..S.R 233 876 228,39 K
kddlv.dll Thu 19 Jan 2006 2:07:32 A.S.R 236 645 231,10 K
kudhu.dll Sat 21 Jan 2006 12:50:36 ..S.R 233 876 228,39 K
ligitc~1.dll Fri 20 Jan 2006 18:54:50 ..S.R 235 532 230,01 K
lrk.dll Fri 20 Jan 2006 16:33:10 ..S.R 234 892 229,39 K
m2ju0c~1.dll Thu 19 Jan 2006 3:55:42 A.S.R 233 704 228,23 K
maihnd.dll Fri 20 Jan 2006 22:21:04 ..S.R 235 928 230,40 K
meiavi32.dll Thu 19 Jan 2006 0:21:12 A.S.R 237 078 231,52 K
mshtml.dll Tue 22 Nov 2005 17:39:42 A.... 2 700 288 2,57 M
mstask.dll Thu 19 Jan 2006 3:36:50 A.... 266 240 260,00 K
mv82l9~1.dll Fri 20 Jan 2006 22:29:28 ..S.R 233 892 228,41 K
nclapi.dll Thu 24 Nov 2005 10:53:20 A.... 110 592 108,00 K
ncltools.dll Fri 28 Oct 2005 13:51:32 A.... 26 624 26,00 K
ncrsesm.dll Thu 19 Jan 2006 16:37:48 A.S.R 234 581 229,08 K
netapi32.dll Thu 19 Jan 2006 3:36:50 A.... 306 688 299,50 K
s288lc~1.dll Thu 19 Jan 2006 2:23:46 A.S.R 235 704 230,18 K
schedsvc.dll Thu 19 Jan 2006 3:36:52 A.... 174 592 170,50 K
srrstr.dll Thu 27 Oct 2005 20:07:56 A.... 229 376 224,00 K
swriptpw.dll Thu 19 Jan 2006 16:19:58 A.S.R 233 619 228,14 K
33 items found: 33 files (18 H/S), 0 directories.
Total of file sizes: 10 419 189 bytes 9,93 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 708C-519F
Répertoire de C:\WINDOWS\System32
21/01/2006 12:53 <REP> dllcache
21/01/2006 12:50 233 876 kudhu.dll
21/01/2006 12:50 233 989 fpjm0311e.dll
20/01/2006 22:37 233 876 j6n2lg5o16.dll
20/01/2006 22:29 233 892 mv82l9lo1.dll
20/01/2006 22:21 235 928 maihnd.dll
20/01/2006 18:54 235 532 LigitCheckControl.dll
20/01/2006 16:33 234 892 lrk.dll
19/01/2006 16:57 233 948 iwxwan.dll
19/01/2006 16:37 234 581 ncrsesm.dll
19/01/2006 16:19 233 619 swriptpw.dll
19/01/2006 13:48 235 082 gp64l3jq1.dll
19/01/2006 03:55 233 704 m2ju0c19ef.dll
19/01/2006 02:23 235 704 s288lclu1fq8.dll
19/01/2006 02:07 236 645 kddlv.dll
19/01/2006 00:26 235 333 iOssvcs.dll
19/01/2006 00:21 237 078 meiavi32.dll
19/01/2006 00:01 235 647 cvetcfg.dll
18/01/2006 23:55 235 647 dvdskmgr.dll
18/01/2006 22:04 <REP> Microsoft
18 fichier(s) 4 228 973 octets
2 Rép(s) 2 924 355 584 octets libres
That's the log. Is the problem with the dlls?
Anyway, I won't touch anything without your advice, of course.
Marsh Posté on 21-01-2006 at 17:53:18
Hi again,
Close all running applications, because this step requires a restart.
From the l2mfix folder on your Desktop, double-click l2mfix.bat and choose option 2, Run Fix, by typing 2 and then pressing "Enter". The Desktop icons will disappear (this is completely normal). L2mfix will continue the scan and, when it has finished, it will be ready to restart the PC. Press any key to restart. After the restart, a text file should appear. Copy/paste the contents of this report into your next reply, and post a new HijackThis report as well.
IMPORTANT: do NOT run any other files in the "l2mfix" folder without a helper's advice! Do not run this tool in Safe Mode!!
**If the text file (report) does not appear after the restart, double-click the text file ("log.txt") located in the "l2mfix" folder.
Marsh Posté on 21-01-2006 at 18:03:09
L2mfix 010406
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 720 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1972 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1660 'rundll32.exe'
Killing PID 1140 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\cvetcfg.dll
Successfully Deleted: C:\WINDOWS\system32\cvetcfg.dll
Deleting: C:\WINDOWS\system32\dvdskmgr.dll
Successfully Deleted: C:\WINDOWS\system32\dvdskmgr.dll
Deleting: C:\WINDOWS\system32\fpjm0311e.dll
Successfully Deleted: C:\WINDOWS\system32\fpjm0311e.dll
Deleting: C:\WINDOWS\system32\gp64l3jq1.dll
Successfully Deleted: C:\WINDOWS\system32\gp64l3jq1.dll
Deleting: C:\WINDOWS\system32\iOssvcs.dll
Successfully Deleted: C:\WINDOWS\system32\iOssvcs.dll
Deleting: C:\WINDOWS\system32\iwxwan.dll
Successfully Deleted: C:\WINDOWS\system32\iwxwan.dll
Deleting: C:\WINDOWS\system32\j6n2lg5o16.dll
Successfully Deleted: C:\WINDOWS\system32\j6n2lg5o16.dll
Deleting: C:\WINDOWS\system32\kddlv.dll
Successfully Deleted: C:\WINDOWS\system32\kddlv.dll
Deleting: C:\WINDOWS\system32\kudhu.dll
Successfully Deleted: C:\WINDOWS\system32\kudhu.dll
Deleting: C:\WINDOWS\system32\LigitCheckControl.dll
Successfully Deleted: C:\WINDOWS\system32\LigitCheckControl.dll
Deleting: C:\WINDOWS\system32\lrk.dll
Successfully Deleted: C:\WINDOWS\system32\lrk.dll
Deleting: C:\WINDOWS\system32\m2ju0c19ef.dll
Successfully Deleted: C:\WINDOWS\system32\m2ju0c19ef.dll
Deleting: C:\WINDOWS\system32\maihnd.dll
Successfully Deleted: C:\WINDOWS\system32\maihnd.dll
Deleting: C:\WINDOWS\system32\meiavi32.dll
Successfully Deleted: C:\WINDOWS\system32\meiavi32.dll
Deleting: C:\WINDOWS\system32\mv82l9lo1.dll
Successfully Deleted: C:\WINDOWS\system32\mv82l9lo1.dll
Deleting: C:\WINDOWS\system32\ncrsesm.dll
Successfully Deleted: C:\WINDOWS\system32\ncrsesm.dll
Deleting: C:\WINDOWS\system32\s288lclu1fq8.dll
Successfully Deleted: C:\WINDOWS\system32\s288lclu1fq8.dll
Deleting: C:\WINDOWS\system32\swriptpw.dll
Successfully Deleted: C:\WINDOWS\system32\swriptpw.dll
msg11?.dll
0 fichier(s) copié(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j6n2lg5o16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cvetcfg.dll
C:\WINDOWS\system32\dvdskmgr.dll
C:\WINDOWS\system32\fpjm0311e.dll
C:\WINDOWS\system32\gp64l3jq1.dll
C:\WINDOWS\system32\iOssvcs.dll
C:\WINDOWS\system32\iwxwan.dll
C:\WINDOWS\system32\j6n2lg5o16.dll
C:\WINDOWS\system32\kddlv.dll
C:\WINDOWS\system32\kudhu.dll
C:\WINDOWS\system32\LigitCheckControl.dll
C:\WINDOWS\system32\lrk.dll
C:\WINDOWS\system32\m2ju0c19ef.dll
C:\WINDOWS\system32\maihnd.dll
C:\WINDOWS\system32\meiavi32.dll
C:\WINDOWS\system32\mv82l9lo1.dll
C:\WINDOWS\system32\ncrsesm.dll
C:\WINDOWS\system32\s288lclu1fq8.dll
C:\WINDOWS\system32\swriptpw.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\vbrifier.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\InprocServer32]
@="C:\\WINDOWS\\system32\\LigitCheckControl.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\InprocServer32]
@="C:\\WINDOWS\\system32\\kudhu.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}"=-
"{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}"=-
"{1B638B2E-9DEA-4B1B-856F-BEA02D249944}"=-
[-HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}]
[-HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}]
[-HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/cvetcfg.dll (164 bytes security) (deflated 5%)
adding: dlls/dvdskmgr.dll (164 bytes security) (deflated 5%)
adding: dlls/fpjm0311e.dll (164 bytes security) (deflated 4%)
adding: dlls/gp64l3jq1.dll (164 bytes security) (deflated 5%)
adding: dlls/iOssvcs.dll (164 bytes security) (deflated 5%)
adding: dlls/iwxwan.dll (164 bytes security) (deflated 4%)
adding: dlls/j6n2lg5o16.dll (164 bytes security) (deflated 4%)
adding: dlls/kddlv.dll (164 bytes security) (deflated 5%)
adding: dlls/kudhu.dll (164 bytes security) (deflated 4%)
adding: dlls/LigitCheckControl.dll (164 bytes security) (deflated 5%)
adding: dlls/lrk.dll (164 bytes security) (deflated 5%)
adding: dlls/m2ju0c19ef.dll (164 bytes security) (deflated 4%)
adding: dlls/maihnd.dll (164 bytes security) (deflated 5%)
adding: dlls/meiavi32.dll (164 bytes security) (deflated 5%)
adding: dlls/mv82l9lo1.dll (164 bytes security) (deflated 4%)
adding: dlls/ncrsesm.dll (164 bytes security) (deflated 5%)
adding: dlls/s288lclu1fq8.dll (164 bytes security) (deflated 5%)
adding: dlls/swriptpw.dll (164 bytes security) (deflated 4%)
adding: backregs/1B638B2E-9DEA-4B1B-856F-BEA02D249944.reg (212 bytes security) (deflated 70%)
adding: backregs/6E8F53C0-BABA-4CC9-9331-BDA52864FFFF.reg (212 bytes security) (deflated 69%)
adding: backregs/DA657272-6E9B-4BB3-9EC0-1FA8588F9178.reg (212 bytes security) (deflated 69%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
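An added example, not part of the original thread and not L2mfix's own code: a small parser for the `.reg` export format in the report above. It decodes `hex(2)` `DllName` values and lists Winlogon Notify subkeys whose DLL is not in a baseline supplied by the operator. The function names, the baseline and the sample export are assumptions constructed for illustration; the `Installer` entry mirrors the O20 line from the HijackThis log.

```python
import re

# Constructed sample in the .reg export format shown in the report above.
# The "Installer" subkey mirrors the O20 line from the HijackThis log.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"DllName"="C:\\WINDOWS\\system32\\j6n2lg5o16.dll"
'''

def decode_value(raw):
    """Decode a .reg string value: quoted REG_SZ or hex(2) REG_EXPAND_SZ."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return None

def notify_dlls(reg_text):
    """Return {subkey: dll} for each Winlogon\\Notify subkey in a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)   # join hex continuation lines
    found, subkey = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\[.*\\Winlogon\\Notify\\([^\\\]]+)\]$", line, re.I)
        if m:
            subkey = m.group(1)
        elif line.startswith("["):
            subkey = None
        elif subkey and line.lower().startswith('"dllname"='):
            found[subkey] = decode_value(line.split("=", 1)[1])
    return found

def unexpected(found, baseline):
    """Subkeys whose DLL file name is not in the operator-supplied baseline."""
    ok = {name.lower() for name in baseline}
    return {k: v for k, v in found.items()
            if v is None or v.replace("/", "\\").rsplit("\\", 1)[-1].lower() not in ok}

if __name__ == "__main__":
    for key, dll in unexpected(notify_dlls(SAMPLE_REG), ["wlnotify.dll"]).items():
        print(f"review: Winlogon Notify\\{key} -> {dll}")
```

The baseline should come from a known-clean machine of the same Windows version; a name missing from it is a prompt for review, not proof of infection.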
Marsh Posté on 21-01-2006 at 18:04:05
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:03:25, on 21/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\Cleaner\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{73ADF191-1759-4930-8283-75B8AC7935ED}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\j6n2lg5o16.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Marsh Posté on 21-01-2006 at 18:12:37
I should be able to fix the O20 line. That is indeed where it was coming from.
If I understood correctly, l2mfix cleaned the registry, put in clean versions of the DLLs, and removed the ones that were corrupted or had no business being there?
For now it seems to be running fine, and no more popups.
Marsh Posté on 21-01-2006 at 20:02:47
Indeed... Just one touch-up.
Open HijackThis, run a scan and check:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\j6n2lg5o16.dll (file missing)
Close all windows, then click Fix checked. Reboot.
Install a firewall (ZA, Kerio...)
Happy surfing
Marsh Posté on 21-01-2006 at 21:09:31
Thanks for everything! It's all clean :-)
As for the firewall, it's being configured! (built into the motherboard)
Marsh Posté on 20-01-2006 at 01:04:40
Good evening,
Since formatting my Windows partition I have been having problems, in particular with incessant popups...
In fact, I used the internet while updating XP with SP1 and AVG, and I picked up quite a lot of junk...
That was last night.
Now I have clean logs with AntiSpyware, Ad-Aware, Spybot and AVG. Phew, not much left to report, at last!
For HijackThis, I still have some suspicious lines left, at least I think so.
Logfile of HijackThis v1.99.1
Scan saved at 00:49:32, on 20/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
E:\Downloads\Cleaner\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{73ADF191-1759-4930-8283-75B8AC7935ED}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mvrol9931.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
So, these two lines look suspicious to me; however many times I fix them, they come back at startup.
The two IPs, I don't know what they correspond to; in any case it's not mine and Google doesn't know them.
For the winlogon entry, I noticed that the DLL changes every time. This time it's a "Reinstall", but that varies too.
How can I find out what they do? And whether they are the cause of these damned popups?
Thank you in advance for your attention :-)
Message edited by Pwill on 20-01-2006 at 19:32:37