HijackThis log, your opinion on 2 lines please


Marsh Posted on 20-01-2006 at 01:04:40

Good evening,
 
Since I formatted my Windows partition I've been having problems, particularly with incessant popups...
Actually I was on the net while updating XP with SP1 and AVG, and I caught quite a lot of junk...
That was last night.
Now I have clean logs with AntiSpyware, Ad-Aware, Spybot and AVG. Phew, not much left to report, finally!
 
With HijackThis, there are still a few suspicious lines left, at least I think so.
 
Logfile of HijackThis v1.99.1
Scan saved at 00:49:32, on 20/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
E:\Downloads\Cleaner\hijackthis_199\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{73ADF191-1759-4930-8283-75B8AC7935ED}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\mvrol9931.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 
So, these two lines look suspicious to me; no matter how often I fix them, they come back at startup.
The two IPs, I don't know what they correspond to; in any case it isn't mine, and Google doesn't know them.
As for the winlogon one, I noticed that the DLL changes every time. This time it's a "Reinstall", but that varies too.
 
How can I find out what they do? And whether they're the cause of these damned popups?
Thanks in advance for your attention :-)


Message edited by Pwill on 20-01-2006 at 19:32:37

Marsh Posted on 20-01-2006 at 14:53:43

For the O17, that looks like the Wanadoo DNS servers :)
No idea about the O20; this time I have "policies" with another DLL...
Normal?


Marsh Posted on 20-01-2006 at 20:50:37

Good evening,
 
Download L2mfix (by Shadowwar) from one of these links:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
 
Save it to your Desktop and double-click l2mfix.exe. Click the Install button to extract its contents and follow the prompts, then open the new "l2mfix" folder on the Desktop. Double-click l2mfix.bat and choose option #1, Run Find Log, by typing 1 and then Enter. The scan will start without showing anything, then, after a minute or two, a text file will appear. Copy/paste the contents of that report ("report.txt") into your next reply.
 
IMPORTANT: DO NOT run option #2 OR any other files in the "l2mfix" folder without the advice of a helper!
 
However, if an error appears when you run option #1, similar to this: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."... then use option #5 or the web link provided in the "l2mfix" folder to fix that error. Do not run any other options until that problem has been fixed.
 
 


Marsh Posted on 20-01-2006 at 22:30:32

Stoneangel is an angel! He finds all the answers! ;-)


Marsh Posted on 21-01-2006 at 13:23:59

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j6n2lg5o16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{693C9C67-115B-C518-34E9-BB767CEE4B0C}"=""
 
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}"=""
"{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}"=""
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1B638B2E-9DEA-4B1B-856F-BEA02D249944}"=""
 
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}]
@=""
"IDEx"="ADDR"
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\vbrifier.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\InprocServer32]
@="C:\\WINDOWS\\system32\\LigitCheckControl.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\InprocServer32]
@="C:\\WINDOWS\\system32\\kudhu.dll"
"ThreadingModel"="Apartment"
 
**********************************************************************************
Files Found are not all bad files:
 
C:\WINDOWS\SYSTEM32\
   cddbco~1.dll   Wed  7 Dec 2005  11:29:18   A....        643 072   628,00 K
   cddbui~1.dll   Wed  7 Dec 2005  11:30:34   A....        770 048   752,00 K
   connapi.dll    Tue 29 Nov 2005  12:49:54   A....        246 272   240,50 K
   cvetcfg.dll    Thu 19 Jan 2006   0:01:04   A.S.R        235 647   230,12 K
   daapi.dll      Mon 28 Nov 2005   9:08:32   A....        115 712   113,00 K
   dvdskmgr.dll   Wed 18 Jan 2006  23:55:10   A.S.R        235 647   230,12 K
   fpjm03~1.dll   Sat 21 Jan 2006  12:50:34   ..S.R        233 989   228,50 K
   gccoll~1.dll   Tue 15 Nov 2005  12:12:08   A....        126 680   123,71 K
   gcunco~1.dll   Tue 15 Nov 2005  12:12:06   A....         95 448    93,21 K
   gdi32.dll      Mon  2 Jan 2006  23:39:04   A....        260 608   254,50 K
   gp64l3~1.dll   Thu 19 Jan 2006  13:48:22   A.S.R        235 082   229,57 K
   hashlib.dll    Tue 15 Nov 2005  12:12:08   A....        117 976   115,21 K
   iossvcs.dll    Thu 19 Jan 2006   0:26:26   A.S.R        235 333   229,82 K
   iwxwan.dll     Thu 19 Jan 2006  16:57:52   A.S.R        233 948   228,46 K
   j6n2lg~1.dll   Fri 20 Jan 2006  22:37:30   ..S.R        233 876   228,39 K
   kddlv.dll      Thu 19 Jan 2006   2:07:32   A.S.R        236 645   231,10 K
   kudhu.dll      Sat 21 Jan 2006  12:50:36   ..S.R        233 876   228,39 K
   ligitc~1.dll   Fri 20 Jan 2006  18:54:50   ..S.R        235 532   230,01 K
   lrk.dll        Fri 20 Jan 2006  16:33:10   ..S.R        234 892   229,39 K
   m2ju0c~1.dll   Thu 19 Jan 2006   3:55:42   A.S.R        233 704   228,23 K
   maihnd.dll     Fri 20 Jan 2006  22:21:04   ..S.R        235 928   230,40 K
   meiavi32.dll   Thu 19 Jan 2006   0:21:12   A.S.R        237 078   231,52 K
   mshtml.dll     Tue 22 Nov 2005  17:39:42   A....      2 700 288     2,57 M
   mstask.dll     Thu 19 Jan 2006   3:36:50   A....        266 240   260,00 K
   mv82l9~1.dll   Fri 20 Jan 2006  22:29:28   ..S.R        233 892   228,41 K
   nclapi.dll     Thu 24 Nov 2005  10:53:20   A....        110 592   108,00 K
   ncltools.dll   Fri 28 Oct 2005  13:51:32   A....         26 624    26,00 K
   ncrsesm.dll    Thu 19 Jan 2006  16:37:48   A.S.R        234 581   229,08 K
   netapi32.dll   Thu 19 Jan 2006   3:36:50   A....        306 688   299,50 K
   s288lc~1.dll   Thu 19 Jan 2006   2:23:46   A.S.R        235 704   230,18 K
   schedsvc.dll   Thu 19 Jan 2006   3:36:52   A....        174 592   170,50 K
   srrstr.dll     Thu 27 Oct 2005  20:07:56   A....        229 376   224,00 K
   swriptpw.dll   Thu 19 Jan 2006  16:19:58   A.S.R        233 619   228,14 K
 
33 items found:  33 files (18 H/S), 0 directories.
   Total of file sizes:  10 419 189 bytes      9,93 M
Locate .tmp files:
 
No matches found.
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est 708C-519F
 
 Répertoire de C:\WINDOWS\System32
 
21/01/2006  12:53    <REP>          dllcache
21/01/2006  12:50           233 876 kudhu.dll
21/01/2006  12:50           233 989 fpjm0311e.dll
20/01/2006  22:37           233 876 j6n2lg5o16.dll
20/01/2006  22:29           233 892 mv82l9lo1.dll
20/01/2006  22:21           235 928 maihnd.dll
20/01/2006  18:54           235 532 LigitCheckControl.dll
20/01/2006  16:33           234 892 lrk.dll
19/01/2006  16:57           233 948 iwxwan.dll
19/01/2006  16:37           234 581 ncrsesm.dll
19/01/2006  16:19           233 619 swriptpw.dll
19/01/2006  13:48           235 082 gp64l3jq1.dll
19/01/2006  03:55           233 704 m2ju0c19ef.dll
19/01/2006  02:23           235 704 s288lclu1fq8.dll
19/01/2006  02:07           236 645 kddlv.dll
19/01/2006  00:26           235 333 iOssvcs.dll
19/01/2006  00:21           237 078 meiavi32.dll
19/01/2006  00:01           235 647 cvetcfg.dll
18/01/2006  23:55           235 647 dvdskmgr.dll
18/01/2006  22:04    <REP>          Microsoft
              18 fichier(s)        4 228 973 octets
               2 Rép(s)   2 924 355 584 octets libres
 
There's the log :) Is it the DLLs?
Anyway, I'm not touching anything without your advice, of course :jap:

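To show what a helper actually checks in a report like the one above, here is an added example (not from this thread, nor part of L2MFix or HijackThis): a small Python parser for a .reg export of the Winlogon\Notify key that decodes the hex(2) DllName values and flags packages whose DLL is not one of the stock XP notify DLLs, plus a lookup of CLSID InprocServer32 DLLs. The sample excerpt, the allowlist and all function names are constructed for this example.

```python
import re

# Constructed sample in the shape of the L2MFix report above. The values are copied
# from that report; the "Installer" package and the CLSID are the two entries that
# point at DLLs in system32 with made-up looking names.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j6n2lg5o16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"

[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\vbrifier.dll"
"ThreadingModel"="Apartment"
'''

NOTIFY_KEY = r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# Allowlist assumed for this example: the notify DLLs that ship with Windows XP and
# appear in the report above. It is not an official Microsoft list.
KNOWN_NOTIFY_DLLS = {'crypt32.dll', 'cryptnet.dll', 'cscdll.dll', 'wlnotify.dll', 'sclgntfy.dll'}


def decode_reg_value(raw):
    """Decode the right-hand side of a .reg line: quoted string, dword:, or hex(...):."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    m = re.match(r'hex(?:\((\d+)\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        if m.group(1) in ('2', '7'):          # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
            return data.decode('utf-16-le').rstrip('\x00')
        return data                           # plain hex: is REG_BINARY
    return raw


def parse_reg_export(text):
    """Return {key path: {value name: decoded value}} for every [key] in a .reg export."""
    # Long hex values continue on the next line after a trailing backslash.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        if current is None or '=' not in line:
            continue
        name, _, raw = line.partition('=')
        current[name.strip('"')] = decode_reg_value(raw)
    return keys


def classify_dll(dll):
    """'known' for a stock notify DLL, 'suspect' for a name with digits in it (the
    pattern of the DLLs in this report), otherwise 'unknown' for manual review."""
    base = dll.rsplit('\\', 1)[-1].lower()
    if base in KNOWN_NOTIFY_DLLS:
        return 'known'
    stem = base[:-4] if base.endswith('.dll') else base
    return 'suspect' if any(ch.isdigit() for ch in stem) else 'unknown'


def triage_winlogon_notify(reg_text):
    """List (package, DllName, verdict) for every Winlogon\\Notify package in the export."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if not key.lower().startswith(NOTIFY_KEY.lower() + '\\'):
            continue
        dll = next((v for n, v in values.items() if n.lower() == 'dllname'), None)
        if dll is not None:
            findings.append((key.rsplit('\\', 1)[-1], dll, classify_dll(dll)))
    return findings


def inproc_servers(reg_text):
    """Map CLSID -> InprocServer32 default value, i.e. the DLL COM loads for that class."""
    servers = {}
    for key, values in parse_reg_export(reg_text).items():
        m = re.search(r'CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32$', key, re.I)
        if m and '@' in values:
            servers[m.group(1).upper()] = values['@']
    return servers


if __name__ == '__main__':
    for package, dll, verdict in triage_winlogon_notify(SAMPLE_REG):
        print(f'{verdict:8} {package:14} {dll}')
    for clsid, dll in inproc_servers(SAMPLE_REG).items():
        print(f'clsid    {clsid} {dll}')
```

Run against the "Winlogon/notify" and "HKEY ROOT CLASSIDS" sections of a real L2MFix report, it lists the same Installer/j6n2lg5o16.dll and vbrifier.dll entries the helper acted on.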

Marsh Posted on 21-01-2006 at 17:53:18

Re,
 
Close all running applications, because this step requires a reboot.
 
From the l2mfix folder on your Desktop, double-click l2mfix.bat and choose option 2, Run Fix, by typing 2 and then "Enter". The Desktop icons will disappear (quite normal). L2mfix will continue the scan and, when finished, will be ready to restart the PC. Press any key to restart. After the reboot, a text file should appear. Copy/paste the contents of that report into your next reply, and post a new HijackThis log as well.
 
IMPORTANT: DO NOT run any other files in the "l2mfix" folder without the advice of a helper! Do not run this tool in Safe Mode!!
 
**If the text file (report) does not appear after the reboot, double-click the text file ("log.txt") in the "l2mfix" folder.


Message edited by stonangel on 21-01-2006 at 17:55:25

Marsh Posted on 21-01-2006 at 18:03:09

L2mfix 010406
Creating Account.
La commande s'est terminée correctement.
 
Adding Administrative privleges.  
Checking for L2MFix account(0=no 1=yes):  
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes!  
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 720 'smss.exe'
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 816 'winlogon.exe'
Killing PID 816 'winlogon.exe'
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1972 'explorer.exe'
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1660 'rundll32.exe'
Killing PID 1140 'rundll32.exe'
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrateurs   ... successful
 
Scanning First Pass. Please Wait!
 
First Pass Completed  
 
Second Pass Scanning  
 
Second pass Completed!
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
        1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\cvetcfg.dll  
Successfully Deleted: C:\WINDOWS\system32\cvetcfg.dll  
Deleting: C:\WINDOWS\system32\dvdskmgr.dll  
Successfully Deleted: C:\WINDOWS\system32\dvdskmgr.dll  
Deleting: C:\WINDOWS\system32\fpjm0311e.dll  
Successfully Deleted: C:\WINDOWS\system32\fpjm0311e.dll  
Deleting: C:\WINDOWS\system32\gp64l3jq1.dll  
Successfully Deleted: C:\WINDOWS\system32\gp64l3jq1.dll  
Deleting: C:\WINDOWS\system32\iOssvcs.dll  
Successfully Deleted: C:\WINDOWS\system32\iOssvcs.dll  
Deleting: C:\WINDOWS\system32\iwxwan.dll  
Successfully Deleted: C:\WINDOWS\system32\iwxwan.dll  
Deleting: C:\WINDOWS\system32\j6n2lg5o16.dll  
Successfully Deleted: C:\WINDOWS\system32\j6n2lg5o16.dll  
Deleting: C:\WINDOWS\system32\kddlv.dll  
Successfully Deleted: C:\WINDOWS\system32\kddlv.dll  
Deleting: C:\WINDOWS\system32\kudhu.dll  
Successfully Deleted: C:\WINDOWS\system32\kudhu.dll  
Deleting: C:\WINDOWS\system32\LigitCheckControl.dll  
Successfully Deleted: C:\WINDOWS\system32\LigitCheckControl.dll  
Deleting: C:\WINDOWS\system32\lrk.dll  
Successfully Deleted: C:\WINDOWS\system32\lrk.dll  
Deleting: C:\WINDOWS\system32\m2ju0c19ef.dll  
Successfully Deleted: C:\WINDOWS\system32\m2ju0c19ef.dll  
Deleting: C:\WINDOWS\system32\maihnd.dll  
Successfully Deleted: C:\WINDOWS\system32\maihnd.dll  
Deleting: C:\WINDOWS\system32\meiavi32.dll  
Successfully Deleted: C:\WINDOWS\system32\meiavi32.dll  
Deleting: C:\WINDOWS\system32\mv82l9lo1.dll  
Successfully Deleted: C:\WINDOWS\system32\mv82l9lo1.dll  
Deleting: C:\WINDOWS\system32\ncrsesm.dll  
Successfully Deleted: C:\WINDOWS\system32\ncrsesm.dll  
Deleting: C:\WINDOWS\system32\s288lclu1fq8.dll  
Successfully Deleted: C:\WINDOWS\system32\s288lclu1fq8.dll  
Deleting: C:\WINDOWS\system32\swriptpw.dll  
Successfully Deleted: C:\WINDOWS\system32\swriptpw.dll  
 
msg11?.dll  
        0 fichier(s) copié(s).
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\j6n2lg5o16.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
 
The following are the files found:  
****************************************************************************
C:\WINDOWS\system32\cvetcfg.dll  
C:\WINDOWS\system32\dvdskmgr.dll  
C:\WINDOWS\system32\fpjm0311e.dll  
C:\WINDOWS\system32\gp64l3jq1.dll  
C:\WINDOWS\system32\iOssvcs.dll  
C:\WINDOWS\system32\iwxwan.dll  
C:\WINDOWS\system32\j6n2lg5o16.dll  
C:\WINDOWS\system32\kddlv.dll  
C:\WINDOWS\system32\kudhu.dll  
C:\WINDOWS\system32\LigitCheckControl.dll  
C:\WINDOWS\system32\lrk.dll  
C:\WINDOWS\system32\m2ju0c19ef.dll  
C:\WINDOWS\system32\maihnd.dll  
C:\WINDOWS\system32\meiavi32.dll  
C:\WINDOWS\system32\mv82l9lo1.dll  
C:\WINDOWS\system32\ncrsesm.dll  
C:\WINDOWS\system32\s288lclu1fq8.dll  
C:\WINDOWS\system32\swriptpw.dll  
 
Registry Entries that were Deleted:  
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.  
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}]
@=""
"IDEx"="ADDR"
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\vbrifier.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}\InprocServer32]
@="C:\\WINDOWS\\system32\\LigitCheckControl.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}\InprocServer32]
@="C:\\WINDOWS\\system32\\kudhu.dll"
"ThreadingModel"="Apartment"
 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}"=-
"{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}"=-
"{1B638B2E-9DEA-4B1B-856F-BEA02D249944}"=-
[-HKEY_CLASSES_ROOT\CLSID\{6E8F53C0-BABA-4CC9-9331-BDA52864FFFF}]
[-HKEY_CLASSES_ROOT\CLSID\{DA657272-6E9B-4BB3-9EC0-1FA8588F9178}]
[-HKEY_CLASSES_ROOT\CLSID\{1B638B2E-9DEA-4B1B-856F-BEA02D249944}]
REGEDIT4
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:  
****************************************************************************
 
****************************************************************************
Checking for L2MFix account(0=no 1=yes):  
0
Zipping up files for submission:
  adding: dlls/cvetcfg.dll (164 bytes security) (deflated 5%)
  adding: dlls/dvdskmgr.dll (164 bytes security) (deflated 5%)
  adding: dlls/fpjm0311e.dll (164 bytes security) (deflated 4%)
  adding: dlls/gp64l3jq1.dll (164 bytes security) (deflated 5%)
  adding: dlls/iOssvcs.dll (164 bytes security) (deflated 5%)
  adding: dlls/iwxwan.dll (164 bytes security) (deflated 4%)
  adding: dlls/j6n2lg5o16.dll (164 bytes security) (deflated 4%)
  adding: dlls/kddlv.dll (164 bytes security) (deflated 5%)
  adding: dlls/kudhu.dll (164 bytes security) (deflated 4%)
  adding: dlls/LigitCheckControl.dll (164 bytes security) (deflated 5%)
  adding: dlls/lrk.dll (164 bytes security) (deflated 5%)
  adding: dlls/m2ju0c19ef.dll (164 bytes security) (deflated 4%)
  adding: dlls/maihnd.dll (164 bytes security) (deflated 5%)
  adding: dlls/meiavi32.dll (164 bytes security) (deflated 5%)
  adding: dlls/mv82l9lo1.dll (164 bytes security) (deflated 4%)
  adding: dlls/ncrsesm.dll (164 bytes security) (deflated 5%)
  adding: dlls/s288lclu1fq8.dll (164 bytes security) (deflated 5%)
  adding: dlls/swriptpw.dll (164 bytes security) (deflated 4%)
  adding: backregs/1B638B2E-9DEA-4B1B-856F-BEA02D249944.reg (212 bytes security) (deflated 70%)
  adding: backregs/6E8F53C0-BABA-4CC9-9331-BDA52864FFFF.reg (212 bytes security) (deflated 69%)
  adding: backregs/DA657272-6E9B-4BB3-9EC0-1FA8588F9178.reg (212 bytes security) (deflated 69%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
  adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Marsh Posted on 21-01-2006 at 18:04:05

Here it is for HijackThis:
 
Logfile of HijackThis v1.99.1
Scan saved at 18:03:25, on 21/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\Cleaner\hijackthis_199\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{73ADF191-1759-4930-8283-75B8AC7935ED}: NameServer = 80.10.246.130 80.10.246.3
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\j6n2lg5o16.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

Marsh Posted on 21-01-2006 at 18:12:37

I should be able to fix the O20 line. That was indeed where it came from.
If I understood correctly, l2mfix cleaned the registry, put clean versions of the DLLs in place, and removed the ones that were corrupted or had no business being there?
 
For now it seems to be running fine, and no more popups :)
 

Marsh Posted on 21-01-2006 at 20:02:47

Indeed... Just one touch-up.
 
Open HijackThis, scan, and check:
 
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\j6n2lg5o16.dll (file missing)  
 
Close all windows, then Fix checked. Reboot.
 
Install a firewall (ZA, Kerio...)
 
Happy surfing :hello:
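As an added example (not part of the thread, and not code from L2MFix or HijackThis), here is a small Python parser for a Winlogon\Notify .reg export like the one L2MFix dumped above: it decodes the hex(2) DllName values and flags the subkey that sits outside the baseline or points to an absolute path, which is how the "Installer" entry behind the O20 line stands out. The sample export fragment and the baseline set are constructed from this thread's own export, so the baseline is not a complete list of every legitimate Notify package.

```python
import re

# Constructed sample: a fragment of the Winlogon\Notify .reg export quoted in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer]
"DllName"="C:\\WINDOWS\\system32\\j6n2lg5o16.dll"
'''

# Notify packages present in the clean part of this thread's export (baseline built
# from the thread itself, not an exhaustive list of every legitimate package).
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}

def decode_reg_value(raw):
    """Decode a .reg value: a quoted string, or hex(2) (REG_EXPAND_SZ) as UTF-16LE."""
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw

def parse_notify_export(text):
    """Map each Winlogon\\Notify subkey in a .reg export to its decoded DllName."""
    # .reg continues long hex values with a trailing backslash; re-join those lines.
    text = re.sub(r",\\\r?\n\s*", ",", text)
    entries, current = {}, None
    for line in text.splitlines():
        if line.startswith("["):
            m = re.match(r"\[HKEY_LOCAL_MACHINE\\.*\\Winlogon\\Notify\\([^\]]+)\]", line, re.I)
            current = m.group(1) if m else None
            continue
        m = re.match(r'"dllname"=(.*)', line, re.I)
        if m and current:
            entries[current] = decode_reg_value(m.group(1))
    return entries

def suspicious_notify_entries(entries):
    """Flag subkeys outside the baseline or whose DllName is an absolute path
    (the stock packages in this export register a bare file name from system32)."""
    return {k: v for k, v in entries.items()
            if k.lower() not in BASELINE or ":\\" in v}
```

Running it over the full export quoted above would list all ten subkeys and flag only "Installer", the entry HijackThis reports as O20 with "(file missing)".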
 
 
 
 

Marsh Posted on 21-01-2006 at 21:09:31

Thanks for everything! It's all clean :-)
As for the firewall, it's being configured! (integrated into the motherboard)
:hello:
