Rapport HijackThis contre spyware VX2. Help !!!

Rapport HijackThis contre spyware VX2. Help !!! - Sécurité - Windows & Software

Marsh Posté le 25-06-2005 à 13:55:17    

Bon, j'ai tout testé : Ad Aware, spybot, A², Norton, Spyware Nuker, Vx2 Finder, le Add on de Ad-Aware, bref, j'ai toujours mes fenêtres "loadingwebsite" qui reviennent sans arrêt, donc si kkun peut m'aider avec mon rapport hijackthis, ce serait sympa, je désespère là !
 
Logfile of HijackThis v1.99.1
Scan saved at 13:54:10, on 25/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis1991.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f003.mail.caramail.lycos.fr [...] loader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D761415-3A76-4D5F-B4A2-F9447A091C55}: NameServer = 212.27.54.252 212.27.39.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D761415-3A76-4D5F-B4A2-F9447A091C55}: NameServer = 212.27.54.252 212.27.39.1
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\k0nola531d.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Reply

Marsh Posté le 25-06-2005 à 13:55:17   

Reply

Marsh Posté le 25-06-2005 à 14:15:51    

Bonjour, télécharge:
CCleaner
http://www.ccleaner.com/ccdownload.asp
 
Ewido
http://www.ewido.net/en/download/
Installe et mets à jour.
 
Désactive Tea Timer de SSD, passe CCleaner sur chaque session utilisateur et exécute Ewido. A la fin de son analyse colle le rapport ici avec un nouveau rapport Hijackthis.


Message édité par stonangel le 25-06-2005 à 14:16:07
Reply

Marsh Posté le 25-06-2005 à 15:49:04    

stonangel a écrit :

Bonjour, télécharge:
CCleaner
http://www.ccleaner.com/ccdownload.asp
 
Ewido
http://www.ewido.net/en/download/
Installe et mets à jour.
 
Désactive Tea Timer de SSD, passe CCleaner sur chaque session utilisateur et exécute Ewido. A la fin de son analyse colle le rapport ici avec un nouveau rapport Hijackthis.


Bon, j'ai scanné avec ccleaner qui m'a viré 28 MB de cochonneries temporaires, puis mis à jour Ewido et lancé un scan qui m'a trouvé Dialer Generic (je ne sais pas s'il y a un rapport avec loadingwebsite qui apparait encore après le nettoyage), et quelques cookies. Voilà le rapport HJT qui suit :
 
Logfile of HijackThis v1.99.1
Scan saved at 15:48:03, on 25/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis1991.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f003.mail.caramail.lycos.fr [...] loader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D761415-3A76-4D5F-B4A2-F9447A091C55}: NameServer = 212.27.54.252 212.27.39.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D761415-3A76-4D5F-B4A2-F9447A091C55}: NameServer = 212.27.54.252 212.27.39.1
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\k0nola531d.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Reply

Marsh Posté le 25-06-2005 à 16:36:30    

Re, télécharge  L2Mfix  
http://www.atribune.org/downloads/l2mfix.exe  
ou http://www.downloads.subratam.org/l2mfix.exe:
 
- télécharger sur le bureau et double-cliquer sur le fichier L2Mfix.exe
- cliquer sur le bouton "Install" pour dézipper
---
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat et choisir l'option 1 Run Find Log (entrer 1)
- après 1 ou 2 minutes de recherche, il y a ouverture du Bloc-note ; poster le contenu sur le forum.
(ne pas utiliser l'option 2 ni aucun autre fichier du dossier L2Mfix)
--- (examen log... non, log en cas de pb)
- fermer tous les programmes parce qu'il va y avoir reboot automatique
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat, choisir l'option 2 Run Fix (entrer 2) et appuyer sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal !
- L2Mfix va rescanner le disque ; après 1 ou 2 minutes de recherche, ouverture du Bloc-note ; poster le contenu sur le forum en même temps qu'un nouveau rapport HijackThis.
(n'utiliser aucun autre fichier du dossier L2Mfix)


Message édité par stonangel le 25-06-2005 à 16:49:35
Reply

Marsh Posté le 25-06-2005 à 16:47:29    

stonangel a écrit :

Re, télécharge cet utilitaire Silent runners
 
http://www.silentrunners.org/Silent%20Runners.zip
 
Une fois téléchargé, tu le dézippes dans un dossier dédié.
Puis tu double cliques sur ce fichier, il va travailler, patiente jusqu'à l'affichage d'un message.
Un log est généré dans le même dossier, colle le log ici.


"Silent Runners.vbs", revision 38.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Norton Ghost 9.0" = "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de bureau"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{CE000992-A58C-4441-8938-744CD72AB27F}" = "i-Nav IDN Resolver"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
"{CE000994-A58C-4441-8938-744CD72AB27F}" = "i-Nav IDN SearchHook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
"{135E819E-DD01-479B-B3E1-5E680D7FC43E}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! RunOnceEx\DLLName = "C:\WINDOWS\system32\k0nola531d.dll" [null data]
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Mlle ZENTE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
 
 
Enabled Screen Saver:
---------------------
 
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssbezier.scr" [MS]
 
 
Startup items in "Mlle ZENTE" & "All Users" startup folders:
------------------------------------------------------------
 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe" [empty string]
 
 
Enabled Scheduled Tasks:
------------------------
 
"AF85253D9192D695" -> launches: "c:\progra~1\antireal\amok mfcd kind.exe" [file not found]
"B1AB48AB9068FA1F" -> launches: "c:\progra~1\antireal\amok mfcd kind.exe" [file not found]
"Norton AntiVirus - Analyser mon ordinateur - Mlle ZENTE" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe  /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]
"Spybot - Search & Destroy -  Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK" ["Safer Networking Limited"]
"Symantec Drmc" -> launches: "C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe  /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 
Transport Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
 
{CE000992-A58C-4441-8938-744CD72AB27F}\
"ButtonText" = "Aide i-Nav"
"MenuText" = "Aide i-Nav"
"Exec" = "http://idn.verisign-grs.com/plug-in/support/index.jsp" [file not found]
 
{CE000996-A58C-4441-8938-744CD72AB27F}\
"MenuText" = "Options i-Nav"
"CLSIDExtension" = "{CE000996-A58C-4441-8938-744CD72AB27F}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
 
 
Miscellaneous IE Hijack Points
------------------------------
 
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" )
 
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://freebox.free.fr/
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
 
Missing lines (compared with English-language version):
[Strings]: 2 lines
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{CE000994-A58C-4441-8938-744CD72AB27F}" = "*b" (unwriteable string)
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
ADSLAutoconnect, ADSLAutoconnect, ""C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z" [null data]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSec.exe" ["GEAR Software"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Ghost, Norton Ghost, "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
VeriSign Updater, navi, "C:\Program Files\VeriSign\NAVI\naviagent.exe uimode=agentupdate" ["VeriSign, Inc."]
 
 
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------
oilà le résultat :
 
"Silent Runners.vbs", revision 38.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Norton Ghost 9.0" = "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de bureau"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{CE000992-A58C-4441-8938-744CD72AB27F}" = "i-Nav IDN Resolver"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
"{CE000994-A58C-4441-8938-744CD72AB27F}" = "i-Nav IDN SearchHook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
"{135E819E-DD01-479B-B3E1-5E680D7FC43E}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "MsgPlusLoader.dll" ["Patchou"]
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! RunOnceEx\DLLName = "C:\WINDOWS\system32\k0nola531d.dll" [null data]
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Mlle ZENTE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
 
 
Enabled Screen Saver:
---------------------
 
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssbezier.scr" [MS]
 
 
Startup items in "Mlle ZENTE" & "All Users" startup folders:
------------------------------------------------------------
 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe" [empty string]
 
 
Enabled Scheduled Tasks:
------------------------
 
"AF85253D9192D695" -> launches: "c:\progra~1\antireal\amok mfcd kind.exe" [file not found]
"B1AB48AB9068FA1F" -> launches: "c:\progra~1\antireal\amok mfcd kind.exe" [file not found]
"Norton AntiVirus - Analyser mon ordinateur - Mlle ZENTE" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Program Files\Norton SystemWorks\OBC.exe  /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]
"Spybot - Search & Destroy -  Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK" ["Safer Networking Limited"]
"Symantec Drmc" -> launches: "C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe  /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 
Transport Service Providers
 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
 
{CE000992-A58C-4441-8938-744CD72AB27F}\
"ButtonText" = "Aide i-Nav"
"MenuText" = "Aide i-Nav"
"Exec" = "http://idn.verisign-grs.com/plug-in/support/index.jsp" [file not found]
 
{CE000996-A58C-4441-8938-744CD72AB27F}\
"MenuText" = "Options i-Nav"
"CLSIDExtension" = "{CE000996-A58C-4441-8938-744CD72AB27F}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
 
 
Miscellaneous IE Hijack Points
------------------------------
 
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" )
 
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://freebox.free.fr/
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
 
Missing lines (compared with English-language version):
[Strings]: 2 lines
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{CE000994-A58C-4441-8938-744CD72AB27F}" = "*b" (unwriteable string)
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll" ["VeriSign, Inc."]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
ADSLAutoconnect, ADSLAutoconnect, ""C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z" [null data]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSec.exe" ["GEAR Software"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Ghost, Norton Ghost, "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Speed Disk service, Speed Disk service, "C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
VeriSign Updater, navi, "C:\Program Files\VeriSign\NAVI\naviagent.exe uimode=agentupdate" ["VeriSign, Inc."]
 
 
----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Reply

Marsh Posté le 25-06-2005 à 18:11:42    

stonangel a écrit :

Re, télécharge  L2Mfix  
http://www.atribune.org/downloads/l2mfix.exe  
ou http://www.downloads.subratam.org/l2mfix.exe:
 
- télécharger sur le bureau et double-cliquer sur le fichier L2Mfix.exe
- cliquer sur le bouton "Install" pour dézipper
---
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat et choisir l'option 1 Run Find Log (entrer 1)
- après 1 ou 2 minutes de recherche, il y a ouverture du Bloc-note ; poster le contenu sur le forum.
(ne pas utiliser l'option 2 ni aucun autre fichier du dossier L2Mfix)
--- (examen log... non, log en cas de pb)
- fermer tous les programmes parce qu'il va y avoir reboot automatique
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat, choisir l'option 2 Run Fix (entrer 2) et appuyer sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal !
- L2Mfix va rescanner le disque ; après 1 ou 2 minutes de recherche, ouverture du Bloc-note ; poster le contenu sur le forum en même temps qu'un nouveau rapport HijackThis.
(n'utiliser aucun autre fichier du dossier L2Mfix)


voilà le 1er contenu mais il m'a annoncé que "le fichier système ne convient pas à l'exécution des applications MS-DOS ou microsoft Windows", j'ai cliqué deux fois sur "ignorer" :
 
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\k0nola531d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{DC73B69A-136F-7B04-9A12-EBCD8C9C563D}"=""
 
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{CE000992-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN Resolver"
"{CE000994-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN SearchHook"
"{809DFDA9-01AC-4A38-8E10-3A57AB0BBDDD}"=""
"{4C35660D-2D7F-43FC-890F-EA8373E08F2F}"=""
"{050AF355-E746-4B32-BD00-AAA4FB5E17E5}"=""
"{135E819E-DD01-479B-B3E1-5E680D7FC43E}"=""
"{279DD381-BF7D-40D9-8E51-3CB0625CF5C7}"=""
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
 
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{135E819E-DD01-479B-B3E1-5E680D7FC43E}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{135E819E-DD01-479B-B3E1-5E680D7FC43E}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{135E819E-DD01-479B-B3E1-5E680D7FC43E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{135E819E-DD01-479B-B3E1-5E680D7FC43E}\InprocServer32]
@="C:\\WINDOWS\\system32\\sci_ci.dll"
"ThreadingModel"="Apartment"
 
Windows Registry Editor Version 5.00
 
[HKEY_CLASSES_ROOT\CLSID\{279DD381-BF7D-40D9-8E51-3CB0625CF5C7}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{279DD381-BF7D-40D9-8E51-3CB0625CF5C7}\Implemented Categories]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{279DD381-BF7D-40D9-8E51-3CB0625CF5C7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
 
[HKEY_CLASSES_ROOT\CLSID\{279DD381-BF7D-40D9-8E51-3CB0625CF5C7}\InprocServer32]
"ThreadingModel"="Apartment"
 
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur C n'a pas de nom.
 Le num‚ro de s‚rie du volume est 786F-8624
 
 R‚pertoire de C:\WINDOWS\System32
 
25/06/2005  18:05           235ÿ622 guard.tmp
25/06/2005  14:12           235ÿ622 m228lcfu1f28.dll
25/06/2005  10:09           235ÿ926 f40o0ed3eh0.dll
25/06/2005  09:57           235ÿ622 k0nola531d.dll
25/06/2005  09:53           236ÿ288 nuwrseng.dll
22/06/2005  17:13           236ÿ288 j6j6lg1s16.dll
21/06/2005  12:37           236ÿ288 m6nqlg5516.dll
02/06/2005  17:59                 5 AuxDrv32b_g.oxc
28/02/2005  05:31    <REP>          dllcache
18/12/2003  12:50    <REP>          Microsoft
30/09/1999  20:21           166ÿ672 mstext35.dll
28/09/1999  22:42         1ÿ050ÿ896 msjet35.dll
09/09/1999  23:06           168ÿ720 msltus35.dll
09/09/1999  23:06           252ÿ688 msexcl35.dll
25/08/1999  15:57           415ÿ504 msrepl35.dll
10/06/1999  10:34           123ÿ664 msjint35.dll
10/06/1999  10:34            24ÿ848 msjter35.dll
07/06/1999  19:59           250ÿ128 mspdox35.dll
25/04/1999  18:00           287ÿ504 Msxbse35.dll
25/04/1999  18:00           368ÿ912 Vbar332.dll
25/04/1999  18:00           252ÿ176 Msrd2x35.dll
              19 fichier(s)        5ÿ013ÿ373 octets
               2 R‚p(s)  73ÿ209ÿ024ÿ512 octets libres

Reply

Marsh Posté le 25-06-2005 à 18:25:52    

stonangel a écrit :

Re, télécharge  L2Mfix  
http://www.atribune.org/downloads/l2mfix.exe  
ou http://www.downloads.subratam.org/l2mfix.exe:
 
- télécharger sur le bureau et double-cliquer sur le fichier L2Mfix.exe
- cliquer sur le bouton "Install" pour dézipper
---
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat et choisir l'option 1 Run Find Log (entrer 1)
- après 1 ou 2 minutes de recherche, il y a ouverture du Bloc-note ; poster le contenu sur le forum.
(ne pas utiliser l'option 2 ni aucun autre fichier du dossier L2Mfix)
--- (examen log... non, log en cas de pb)
- fermer tous les programmes parce qu'il va y avoir reboot automatique
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat, choisir l'option 2 Run Fix (entrer 2) et appuyer sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal !
- L2Mfix va rescanner le disque ; après 1 ou 2 minutes de recherche, ouverture du Bloc-note ; poster le contenu sur le forum en même temps qu'un nouveau rapport HijackThis.
(n'utiliser aucun autre fichier du dossier L2Mfix)


et voici le deuxième bloc notes après reboot :
L2Mfix 1.03
 
Running From:
C:\Documents and Settings\Mlle ZENTE\Bureau\l2mfix\l2mfix
 
 
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
(IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
 
 
 
Setting registry permissions:
 
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
 
Denying C(CI) access for predefined group "Administrators"
 - adding new ACCESS DENY entry
 
 
Registry Permissions set too:
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI)    DENY   --C-------    BUILTIN\Administrateurs
(NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
(IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
 
 
 
Setting up for Reboot
 
 
Starting Reboot!
 
C:\Documents and Settings\Mlle ZENTE\Bureau\l2mfix\l2mfix  
System Rebooted!  
 
Running From:
C:\Documents and Settings\Mlle ZENTE\Bureau\l2mfix\l2mfix
 
killing explorer and rundll32.exe  
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1512 'explorer.exe'
Killing PID 1512 'explorer.exe'
Killing PID 1512 'explorer.exe'
 
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
 
Scanning First Pass. Please Wait!
 
First Pass Completed  
 
Second Pass Scanning  
 
Second pass Completed!
Backing Up: C:\WINDOWS\system32\f40o0ed3eh0.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\j6j6lg1s16.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\m228lcfu1f28.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\m6nqlg5516.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nuwrseng.dll
        1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
        1 fichier(s) copi‚(s).
deleting: C:\WINDOWS\system32\f40o0ed3eh0.dll  
Successfully Deleted: C:\WINDOWS\system32\f40o0ed3eh0.dll
deleting: C:\WINDOWS\system32\j6j6lg1s16.dll  
Successfully Deleted: C:\WINDOWS\system32\j6j6lg1s16.dll
deleting: C:\WINDOWS\system32\m228lcfu1f28.dll  
Successfully Deleted: C:\WINDOWS\system32\m228lcfu1f28.dll
deleting: C:\WINDOWS\system32\m6nqlg5516.dll  
Successfully Deleted: C:\WINDOWS\system32\m6nqlg5516.dll
deleting: C:\WINDOWS\system32\nuwrseng.dll  
Successfully Deleted: C:\WINDOWS\system32\nuwrseng.dll
deleting: C:\WINDOWS\system32\guard.tmp  
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
 
 
Zipping up files for submission:
  adding: f40o0ed3eh0.dll (164 bytes security) (deflated 5%)
  adding: j6j6lg1s16.dll (164 bytes security) (deflated 5%)
  adding: m228lcfu1f28.dll (164 bytes security) (deflated 5%)
  adding: m6nqlg5516.dll (164 bytes security) (deflated 5%)
  adding: nuwrseng.dll (164 bytes security) (deflated 5%)
  adding: guard.tmp (164 bytes security) (deflated 5%)
  adding: clear.reg (164 bytes security) (deflated 55%)
  adding: echo.reg (164 bytes security) (deflated 12%)
  adding: direct.txt (164 bytes security) (deflated 7%)
  adding: lo2.txt (164 bytes security) (deflated 76%)
  adding: readme.txt (164 bytes security) (deflated 49%)
  adding: report.txt (164 bytes security) (deflated 64%)
  adding: test.txt (164 bytes security) (deflated 61%)
  adding: test2.txt (164 bytes security) (deflated 36%)
  adding: test3.txt (164 bytes security) (deflated 36%)
  adding: test5.txt (164 bytes security) (deflated 36%)
  adding: xfind.txt (164 bytes security) (deflated 54%)
  adding: backregs/135E819E-DD01-479B-B3E1-5E680D7FC43E.reg (164 bytes security) (deflated 70%)
  adding: backregs/279DD381-BF7D-40D9-8E51-3CB0625CF5C7.reg (164 bytes security) (deflated 71%)
  adding: backregs/shell.reg (164 bytes security) (deflated 73%)
 
Restoring Registry Permissions:  
 
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
 
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
 
 
Registry permissions set too:
 
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
 
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
(IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
(NI)    ALLOW  Full access  AUTORITE NT\SYSTEM
(IO)    ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read         BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read         BUILTIN\Utilisateurs
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE
 
 
Restoring Sedebugprivilege:
 
 Granting SeDebugPrivilege to Administrators   ... failed (GetAccountSid(Administrators)=1332  
 
deleting local copy: f40o0ed3eh0.dll    
deleting local copy: j6j6lg1s16.dll    
deleting local copy: m228lcfu1f28.dll    
deleting local copy: m6nqlg5516.dll    
deleting local copy: nuwrseng.dll    
deleting local copy: guard.tmp    
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
 
 
The following are the files found:  
****************************************************************************
C:\WINDOWS\system32\f40o0ed3eh0.dll  
C:\WINDOWS\system32\j6j6lg1s16.dll  
C:\WINDOWS\system32\m228lcfu1f28.dll  
C:\WINDOWS\system32\m6nqlg5516.dll  
C:\WINDOWS\system32\nuwrseng.dll  
C:\WINDOWS\system32\guard.tmp  
 
Registry Entries that were Deleted:  
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.  
****************************************************************************
REGEDIT4
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{809DFDA9-01AC-4A38-8E10-3A57AB0BBDDD}"=-
"{4C35660D-2D7F-43FC-890F-EA8373E08F2F}"=-
"{050AF355-E746-4B32-BD00-AAA4FB5E17E5}"=-
"{135E819E-DD01-479B-B3E1-5E680D7FC43E}"=-
"{279DD381-BF7D-40D9-8E51-3CB0625CF5C7}"=-
[-HKEY_CLASSES_ROOT\CLSID\{809DFDA9-01AC-4A38-8E10-3A57AB0BBDDD}]
[-HKEY_CLASSES_ROOT\CLSID\{4C35660D-2D7F-43FC-890F-EA8373E08F2F}]
[-HKEY_CLASSES_ROOT\CLSID\{050AF355-E746-4B32-BD00-AAA4FB5E17E5}]
[-HKEY_CLASSES_ROOT\CLSID\{135E819E-DD01-479B-B3E1-5E680D7FC43E}]
[-HKEY_CLASSES_ROOT\CLSID\{279DD381-BF7D-40D9-8E51-3CB0625CF5C7}]
REGEDIT4
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:  
****************************************************************************
****************************************************************************


Reply

Marsh Posté le 25-06-2005 à 18:28:08    

stonangel a écrit :

Re, télécharge  L2Mfix  
http://www.atribune.org/downloads/l2mfix.exe  
ou http://www.downloads.subratam.org/l2mfix.exe:
 
- télécharger sur le bureau et double-cliquer sur le fichier L2Mfix.exe
- cliquer sur le bouton "Install" pour dézipper
---
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat et choisir l'option 1 Run Find Log (entrer 1)
- après 1 ou 2 minutes de recherche, il y a ouverture du Bloc-note ; poster le contenu sur le forum.
(ne pas utiliser l'option 2 ni aucun autre fichier du dossier L2Mfix)
--- (examen log... non, log en cas de pb)
- fermer tous les programmes parce qu'il va y avoir reboot automatique
- ouvrir le dossier L2Mfix créé sur le bureau
- double-cliquer sur L2Mfix.bat, choisir l'option 2 Run Fix (entrer 2) et appuyer sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal !
- L2Mfix va rescanner le disque ; après 1 ou 2 minutes de recherche, ouverture du Bloc-note ; poster le contenu sur le forum en même temps qu'un nouveau rapport HijackThis.
(n'utiliser aucun autre fichier du dossier L2Mfix)


et le dernier rapport HJT :
Logfile of HijackThis v1.99.1
Scan saved at 18:26:44, on 25/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis1991.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f003.mail.caramail.lycos.fr [...] loader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D761415-3A76-4D5F-B4A2-F9447A091C55}: NameServer = 212.27.54.252 212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D761415-3A76-4D5F-B4A2-F9447A091C55}: NameServer = 212.27.54.252 212.27.32.177
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Reply

Marsh Posté le 25-06-2005 à 18:28:24    

Je regarde ton rapport réponse dans un moment.


Message édité par stonangel le 25-06-2005 à 18:29:25
Reply

Marsh Posté le 25-06-2005 à 18:30:07    

celui que tu as là vient juste d'être fait, mais je peux en refaire un si tu veux

Reply

Marsh Posté le 25-06-2005 à 18:30:07   

Reply

Marsh Posté le 25-06-2005 à 18:36:52    

Re, désactive Tea Timer le temps des corrections, démarre en mode sans échec, assure toi d'avoir accès à tous les fichiers:
 

Citation :

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :  
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer


 
Démarre Hijackthis Do a system scan only, assure toi que la case Make Backups before fixing items est activée et coche les lignes suivantes:
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
O20 - AppInit_DLLs: MsgPlusLoader.dll  
 
Ferme toutes les fenêtres, tous les programmes et clique sur Fix checked
 
Renomme le fichier suivant (dans System32)
 
MsgPlusLoader.dll en MsgPlusLoader-dll.anc(nom tiret extension point anc)
si pas de dysfonctionnement tu pourras le supprimer
 
Recache les fichiers système afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.
 
Redémarre normalement et dis ce qu'il en est.
 

Reply

Marsh Posté le 25-06-2005 à 19:07:45    

bon, tout fonctionne, et il semble que je n'ai plus cette m.... Je croise les doigts lol
Un grand merci pour ta patience et ton aide !!!

Reply

Marsh Posté le 25-06-2005 à 19:15:16    

:jap: Avec plaisir, de toute façon tu peux aussi dans les paramètres avancés développer le fichier Hosts de SSD et éviter à un certain nombre d'url de "s'incruster"
 
Oublié... Vide la quarantaine d'Ewido.


Message édité par stonangel le 25-06-2005 à 19:19:48
Reply

Marsh Posté le 25-06-2005 à 19:28:40    

Les paramètres avancés de kwa, passke ça ça m'intéresse de trouver les hosts ?

Reply

Marsh Posté le 25-06-2005 à 19:36:06    

Ouvre Spybot Search & Destroy> Mode avancé> Outils> Activer fichiers Hosts> Fichier Hosts> Clique sur la croix verte Ajouter liste Hosts SSD

Reply

Marsh Posté le 25-06-2005 à 20:09:57    

oki, encore un grand merci !!!

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed