New rapport hijackthis a analyser

[Juli3tte]

Voilà apres avoir suivi les indications de megataupe du mieux que j'ai pu je voudrais que vous analysiez mon rapport apres etre passer par Antivir ! Cependant il y a toujours ces pubs intempestives et ces programmes bizarres que j'arrive pas a supprimer dans mon ajout/suppresion programmes :s !

Merci d'avance

 

f HijackThis v1.99.1

Scan saved at 23:08:53, on 07/04/2006

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\SUSS.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\Explorer.EXE

C:\program files\tapinfo\tapinfo.exe

C:\Program Files\ZipMail\zmailLN.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\a-squared\a2guard.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\WINNT\msagent\AgentSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Tapinfo] "c:\program files\tapinfo\tapinfo.exe"

O4 - HKLM\..\Run: [Notes5.10] C:\Program Files\Notes\params\ParHKLM.exe

O4 - HKLM\..\Run: [VNCServer] "C:\Program Files\ORL\VNC\WinVNC.exe" -ServiceHelper

O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\ZipMail\zmailLN.exe" 033 hidden

O4 - HKLM\..\Run: [zipmail] C:\Program Files\ZipMail\params\ZipMail_Par.exe

O4 - HKLM\..\Run: [PARAMIE6] C:\Program Files\Internet Explorer\IE Install\ParamIE6.exe

O4 - HKLM\..\Run: [GAI Maj User GP421] "C:\Program Files\GP421\GAI\UpdtUsr.cmd"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - HKCU\..\Run: [qmkq] C:\PROGRA~1\FICHIE~1\qmkq\qmkqm.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Ouverture de Session.lnk = D:\WINNT\PDT\SCRIPTS\PDTRUN.CMD

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O20 - Winlogon Notify: policies - C:\WINNT\system32\hr2o05f3e.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe

[tornado]

Salut Juliette et bienvenue sur le forum sécu de zeb' ,

 

 

Petite remarque pour commencer :

 

f HijackThis v1.99.1

Scan saved at 23:08:53, on 07/04/2006

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

 

Ton système, n'est pas à jour. Mincrosoft a sorti le sp4 pour Windows 2000 depuis pas mal de temps... tu le mettras en jour quand on aura fini la désinfection

 

 

Sinon, ton log hijackthis montre que tu infecté par différents malwares, donc Look2me, qui nécessite l'utilisation d'un outil spécial pour son éradication :

 

 

Télécharge L2mfix (de Shadowwar) de l'un de ces liens :

http://www.atribune.org/downloads/l2mfix.exe

http://www.downloads.subratam.org/l2mfix.exe

 

Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisis l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt") dans ta prochaine réponse.

 

IMPORTANT : NE PAS lancer l'option #2 OU autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller !

 

Par contre, si une erreur s'affiche en lançant l'option #1, similaire à ceci : ''C:\windows\system32\cmd.exe

C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...alors utilise l'option #5 ou le lien web fourni dans le dossier "l2mfix" afin de résoudre cette erreur. Ne pas lancer d'autres options avant d'avoir réglé ce pépin.

 

 

 

 

Bonne chance

 

 

PS: Serait-ce le pc de ton boulot ?

[Juli3tte]

Salut Juliette et bienvenue sur le forum sécu de zeb' ,

Petite remarque pour commencer :

Ton système, n'est pas à jour. Mincrosoft a sorti le sp4 pour Windows 2000 depuis pas mal de temps... tu le mettras en jour quand on aura fini la désinfection

Sinon, ton log hijackthis montre que tu infecté par différents malwares, donc Look2me, qui nécessite l'utilisation d'un outil spécial pour son éradication :

Télécharge L2mfix (de Shadowwar) de l'un de ces liens :

http://www.atribune.org/downloads/l2mfix.exe

http://www.downloads.subratam.org/l2mfix.exe

 

Sauvegarde-le sur ton Bureau et double-clique l2mfix.exe. Clique sur le bouton Install pour en extraire le contenu et suis les directives, puis ouvre le nouveau dossier "l2mfix" qui se trouve sur le Bureau. Double-clique l2mfix.bat et choisis l'option #1 pour Run Find Log en tapant 1 et ensuite Entrée. Le scan débutera sans générer d'indications, puis, après une minute ou deux, un fichier texte apparaîtra. Copie/colle le contenu de ce rapport ("report.txt") dans ta prochaine réponse.

 

IMPORTANT : NE PAS lancer l'option #2 OU autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller !

 

Par contre, si une erreur s'affiche en lançant l'option #1, similaire à ceci : ''C:\windows\system32\cmd.exe

C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. Choose close to terminate the application.."...alors utilise l'option #5 ou le lien web fourni dans le dossier "l2mfix" afin de résoudre cette erreur. Ne pas lancer d'autres options avant d'avoir réglé ce pépin.

Bonne chance

PS: Serait-ce le pc de ton boulot ?

 

Ok ok je vais essayer tout ça x)! Non un pc de mon boulot mais il est chez moi XD c'est mon frère qui me l'a ramener donc voilà ^^ !

 

Merci d'avance, bonne soirée

[Juli3tte]

Euh j'ai fait le scan mais il est disont tres long donc voilà

 

L2MFIX find log 032106

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

"Asynchronous"=dword:00000000

"DllName"=""

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINNT\\system32\\hr2o05f3e.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{5AA71117-5F22-E5A7-F949-384FAEA07848}"=""

 

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"

"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour le partage"

"{41E300E0-78B6-11ce-849B-444553540000}"="Extension du Panneau de configuration PlusPack"

"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"

"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration"

"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"

"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"

"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'interpr‚teur de commandes"

"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour les objets Microsoft Windows Network"

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"

"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"

"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'interpr‚teur de commandes pour la compression de fichiers"

"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension du shell d'imprimante Web"

"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"

"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"

"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"

"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour le partage"

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"

"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpr‚teur de commande pour Windows Script Host"

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau et accŠs … distance"

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"

"{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"

"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"

"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"

"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"

"{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume mont‚"

"{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de propri‚t‚s des fichiers"

"{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"

"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"

"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"

"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service D‚placer vers Microsoft"

"{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"

"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"

"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu D‚marrer"

"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"

"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"

"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"

"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"

"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"

"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de propri‚t‚s des options des dossiers"

"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"

"{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du systŠme pour le glisser-d‚placer"

"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'‚l‚ment de cryptage dans les menus contextuels de l'Explorateur"

"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement"

"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Dossier Bureau"

"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Bande de menus"

"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Suivi du menu Shell"

"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"

"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Barre du Bureau"

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"

"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"

"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"

"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"

"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"

"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"

"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"

"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"

"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Image miniature"

"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"

"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"

"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"

"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"

"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"

"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"

"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"

"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"

"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"

"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"

"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"

"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"

"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"

"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"

"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"

"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'application du shell"

"{0B124F8C-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es"

"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"

"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"

"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menu Fichiers hors connexion"

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Options du dossier Fichiers hors connexion"

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"

"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"

"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"

"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"

"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"

"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

"{32714800-2E5F-11d0-8B85-00AA0044F941}"=""

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"

"{18BC77C2-179E-4BC4-8F9F-820A4DA801AA}"=""

"{A4B17818-D4C4-4E1B-99A9-57CD98F8AA35}"=""

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"

"{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}"=""

"{4B9EAF8A-155B-44E6-9149-08432CB91D92}"=""

"{5527D986-15D7-476A-9BE5-7281282FF795}"=""

"{27CC2315-BB23-498D-B9C0-A55C86B504D7}"=""

"{96C6C45C-EFB6-4EAC-880C-AD89929157BC}"=""

"{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}"=""

"{CE55D5D7-29B4-4370-BEBC-157650483A3D}"=""

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"

"{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}"=""

"{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}"=""

"{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}"=""

"{AEEEFCE1-6349-498A-8D37-AB4628A026B6}"=""

 

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}\InProcServer32]

@="C:\\Program Files\\Outlook Express\\wabfind.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\InprocServer32]

@="C:\\WINNT\\system32\\bc549.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\InprocServer32]

@="C:\\WINNT\\system32\\amtxprxy.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\InprocServer32]

@="C:\\WINNT\\system32\\KHDCA.DLL"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\InprocServer32]

@="C:\\WINNT\\system32\\smi_ci.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\InprocServer32]

@="C:\\WINNT\\system32\\NKERROR.DLL"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\InprocServer32]

@="C:\\WINNT\\system32\\MLJINT35.DLL"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

**********************************************************************************

Files Found are not all bad files:

 

C:\WINNT\SYSTEM32\

cdral.dll Fri 24 Feb 2006 23:44:38 A.... 45 056 44,00 K

cdrtc.dll Fri 24 Feb 2006 23:44:38 A.... 49 152 48,00 K

en82l1~1.dll Fri 7 Apr 2006 10:05:38 ..S.R 236 224 230,69 K

gdu32.dll Fri 7 Apr 2006 10:09:40 ..S.R 236 224 230,69 K

hr2o05~1.dll Fri 7 Apr 2006 13:29:08 ..S.R 236 224 230,69 K

jycript.dll Fri 7 Apr 2006 9:53:36 ..S.R 236 224 230,69 K

khdca.dll Sun 2 Apr 2006 22:03:16 ..S.R 236 224 230,69 K

legitc~1.dll Tue 14 Feb 2006 10:20:14 A.... 550 120 537,23 K

lvpu09~1.dll Thu 6 Apr 2006 17:35:08 ..S.R 236 235 230,70 K

mljint35.dll Fri 7 Apr 2006 23:01:40 ..S.R 236 224 230,69 K

mndart32.dll Fri 7 Apr 2006 13:28:08 ..S.R 236 224 230,69 K

msc42.dll Thu 6 Apr 2006 17:37:36 ..S.R 234 272 228,78 K

mvj8l9~1.dll Fri 7 Apr 2006 22:59:14 ..S.R 234 012 228,53 K

nkerror.dll Thu 6 Apr 2006 18:42:00 A.... 236 224 230,69 K

qt-dx331.dll Sat 21 Jan 2006 0:46:12 A.... 3 596 288 3,43 M

smlscr.dll Thu 6 Apr 2006 17:34:06 ..S.R 236 235 230,70 K

 

16 items found: 16 files (11 H/S), 0 directories.

Total of file sizes: 7 071 162 bytes 6,74 M

Locate .tmp files:

 

No matches found.

**********************************************************************************

Directory Listing of system files:

Le volume dans le lecteur C s'appelle SYSTEM

Le num‚ro de s‚rie du volume est D001-2062

 

R‚pertoire de C:\WINNT\System32

 

07/04/2006 23:01 236ÿ224 MLJINT35.DLL

07/04/2006 22:59 234ÿ012 mvj8l91u1.dll

07/04/2006 13:29 236ÿ224 hr2o05f3e.dll

07/04/2006 13:28 236ÿ224 mndart32.dll

07/04/2006 10:09 236ÿ224 gdu32.dll

07/04/2006 10:05 236ÿ224 en82l1lo1.dll

07/04/2006 09:53 236ÿ224 jycript.dll

06/04/2006 17:37 234ÿ272 msc42.dll

06/04/2006 17:35 236ÿ235 lvpu0979e.dll

06/04/2006 17:34 236ÿ235 SmlScr.dll

02/04/2006 22:03 236ÿ224 KHDCA.DLL

28/03/2006 12:45 <DIR> dllcache

11 fichier(s) 2ÿ594ÿ322 octets

1 R‚p(s) 21ÿ866ÿ012ÿ160 octets libres

[tornado]

Re,

 

 

C'est normal qu'il soit "long"...

 

Maintenant, tu peux passer à l'option 2 du fix, pour supprimer les fichiers liés à l'infection:

 

 

Ferme toutes les applications en cours, car cette étape nécessite un redémarrage.

 

Du dossier l2mfix situé sur ton Bureau, double-clique l2mfix.bat et choisis l'option #2 pour Run Fix en tapant 2 et ensuite "Entrée". Les icônes du Bureau vont disparaître (tout à fait normal). L2mfix poursuivra le scan et lorsque terminé, il sera prêt à redémarrer le PC. Appuie sur n'importe quelle touche pour redémarrer. Après le redémarrage, un fichier texte devrait apparaître. Copie/colle le contenu de ce rapport dans ta prochaine réponse, et poste un nouveau rapport HijackThis! également.

 

IMPORTANT: NE PAS lancer d'autres fichiers situés dans le dossier "l2mfix" sans l'avis d'un conseiller ! Ne pas lancer cet outil en mode Sans Échec !!

**Si le fichier texte (rapport) n'apparaît pas au redémarrage, double-clique sur le fichier texte ("log.txt") situé dans le dossier "l2mfix".

 

 

 

 

A+

[Juli3tte]

VOICI MON RAPPORT L2MFIX ::

 

L2mfix 032106

Creating Account.

La commande s'est termin‚e correctement.

 

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINNT\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 152 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 176 'winlogon.exe'

Killing PID 176 'winlogon.exe'

Error 0x5 : Accès refusé.

 

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1140 'explorer.exe'

Killing PID 1140 'explorer.exe'

Error 0x5 : Accès refusé.

 

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1300 'rundll32.exe'

Killing PID 1300 'rundll32.exe'

Error 0x5 : Accès refusé.

 

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrateurs ... successful

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

1 fichier(s) copi‚(s).

Deleting: C:\WINNT\system32\cTbinet.dll

Successfully Deleted: C:\WINNT\system32\cTbinet.dll

Deleting: C:\WINNT\system32\en82l1lo1.dll

Successfully Deleted: C:\WINNT\system32\en82l1lo1.dll

Deleting: C:\WINNT\system32\gdu32.dll

Successfully Deleted: C:\WINNT\system32\gdu32.dll

Deleting: C:\WINNT\system32\jycript.dll

Successfully Deleted: C:\WINNT\system32\jycript.dll

Deleting: C:\WINNT\system32\KHDCA.DLL

Successfully Deleted: C:\WINNT\system32\KHDCA.DLL

Deleting: C:\WINNT\system32\l60ulgd9160.dll

Successfully Deleted: C:\WINNT\system32\l60ulgd9160.dll

Deleting: C:\WINNT\system32\lvpu0979e.dll

Successfully Deleted: C:\WINNT\system32\lvpu0979e.dll

Deleting: C:\WINNT\system32\mndart32.dll

Successfully Deleted: C:\WINNT\system32\mndart32.dll

Deleting: C:\WINNT\system32\msc42.dll

Successfully Deleted: C:\WINNT\system32\msc42.dll

Deleting: C:\WINNT\system32\mvj8l91u1.dll

Successfully Deleted: C:\WINNT\system32\mvj8l91u1.dll

Deleting: C:\WINNT\system32\NKERROR.DLL

Successfully Deleted: C:\WINNT\system32\NKERROR.DLL

Deleting: C:\WINNT\system32\SmlScr.dll

Successfully Deleted: C:\WINNT\system32\SmlScr.dll

Deleting: C:\WINNT\system32\guard.tmp

Successfully Deleted: C:\WINNT\system32\guard.tmp

 

msg11?.dll

0 fichier(s) copi‚(s).

Desktop.ini sucessfully removed

 

 

 

 

Restoring Windows Update Certificates.:

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExtShellViews]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINNT\\system32\\mvj8l91u1.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]

"DLLName"="wzcdlg.dll"

"Logon"="WZCEventLogon"

"Logoff"="WZCEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000000

 

 

The following are the files found:

****************************************************************************

C:\WINNT\system32\cTbinet.dll

C:\WINNT\system32\en82l1lo1.dll

C:\WINNT\system32\gdu32.dll

C:\WINNT\system32\jycript.dll

C:\WINNT\system32\KHDCA.DLL

C:\WINNT\system32\l60ulgd9160.dll

C:\WINNT\system32\lvpu0979e.dll

C:\WINNT\system32\mndart32.dll

C:\WINNT\system32\msc42.dll

C:\WINNT\system32\mvj8l91u1.dll

C:\WINNT\system32\NKERROR.DLL

C:\WINNT\system32\SmlScr.dll

C:\WINNT\system32\guard.tmp

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}\InProcServer32]

@="C:\\Program Files\\Outlook Express\\wabfind.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\InprocServer32]

@="C:\\WINNT\\system32\\bc549.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\InprocServer32]

@="C:\\WINNT\\system32\\amtxprxy.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\InprocServer32]

@="C:\\WINNT\\system32\\KHDCA.DLL"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\InprocServer32]

@="C:\\WINNT\\system32\\smi_ci.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\InprocServer32]

@="C:\\WINNT\\system32\\NKERROR.DLL"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\InprocServer32]

@="C:\\WINNT\\system32\\cTbinet.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\InprocServer32]

@="C:\\WINNT\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{32714800-2E5F-11d0-8B85-00AA0044F941}"=-

"{18BC77C2-179E-4BC4-8F9F-820A4DA801AA}"=-

"{A4B17818-D4C4-4E1B-99A9-57CD98F8AA35}"=-

"{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}"=-

"{4B9EAF8A-155B-44E6-9149-08432CB91D92}"=-

"{5527D986-15D7-476A-9BE5-7281282FF795}"=-

"{27CC2315-BB23-498D-B9C0-A55C86B504D7}"=-

"{96C6C45C-EFB6-4EAC-880C-AD89929157BC}"=-

"{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}"=-

"{CE55D5D7-29B4-4370-BEBC-157650483A3D}"=-

"{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}"=-

"{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}"=-

"{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}"=-

"{AEEEFCE1-6349-498A-8D37-AB4628A026B6}"=-

[-HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}]

[-HKEY_CLASSES_ROOT\CLSID\{18BC77C2-179E-4BC4-8F9F-820A4DA801AA}]

[-HKEY_CLASSES_ROOT\CLSID\{A4B17818-D4C4-4E1B-99A9-57CD98F8AA35}]

[-HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}]

[-HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}]

[-HKEY_CLASSES_ROOT\CLSID\{5527D986-15D7-476A-9BE5-7281282FF795}]

[-HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}]

[-HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}]

[-HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}]

[-HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}]

[-HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}]

[-HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}]

[-HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}]

[-HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

****************************************************************************

Desktop.ini Contents:

****************************************************************************

****************************************************************************

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

adding: dlls/cTbinet.dll (152 bytes security) (deflated 4%)

adding: dlls/en82l1lo1.dll (152 bytes security) (deflated 5%)

adding: dlls/gdu32.dll (152 bytes security) (deflated 5%)

adding: dlls/guard.tmp (152 bytes security) (deflated 4%)

adding: dlls/jycript.dll (152 bytes security) (deflated 5%)

adding: dlls/KHDCA.DLL (152 bytes security) (deflated 5%)

adding: dlls/l60ulgd9160.dll (152 bytes security) (deflated 5%)

adding: dlls/lvpu0979e.dll (152 bytes security) (deflated 5%)

adding: dlls/mndart32.dll (152 bytes security) (deflated 5%)

adding: dlls/msc42.dll (152 bytes security) (deflated 4%)

adding: dlls/mvj8l91u1.dll (152 bytes security) (deflated 4%)

adding: dlls/NKERROR.DLL (152 bytes security) (deflated 5%)

adding: dlls/SmlScr.dll (152 bytes security) (deflated 5%)

adding: backregs/146488DA-C31E-4DA8-8DB1-A627D56ED5B6.reg (188 bytes security) (deflated 70%)

adding: backregs/27CC2315-BB23-498D-B9C0-A55C86B504D7.reg (188 bytes security) (deflated 70%)

adding: backregs/32714800-2E5F-11d0-8B85-00AA0044F941.reg (188 bytes security) (deflated 54%)

adding: backregs/4B9EAF8A-155B-44E6-9149-08432CB91D92.reg (188 bytes security) (deflated 70%)

adding: backregs/6DE1F0A3-95CD-44DD-A4A9-1497010E1572.reg (188 bytes security) (deflated 70%)

adding: backregs/96C6C45C-EFB6-4EAC-880C-AD89929157BC.reg (188 bytes security) (deflated 70%)

adding: backregs/AEEEFCE1-6349-498A-8D37-AB4628A026B6.reg (188 bytes security) (deflated 70%)

adding: backregs/CE55D5D7-29B4-4370-BEBC-157650483A3D.reg (188 bytes security) (deflated 70%)

adding: backregs/DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE.reg (188 bytes security) (deflated 70%)

adding: backregs/ED10DCC2-8D23-4A40-A140-BCA76DC6490C.reg (188 bytes security) (deflated 70%)

adding: backregs/FC2BFECE-BEDD-4553-9D7D-C4BD605D6478.reg (188 bytes security) (deflated 70%)

adding: backregs/notibac.reg (152 bytes security) (deflated 72%)

adding: backregs/shell.reg (152 bytes security) (deflated 74%)

 

 

 

VOICI MON RAPPORT HIjACK THIS ::

 

Logfile of HijackThis v1.99.1

Scan saved at 19:53:47, on 08/04/2006

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\SUSS.EXE

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\PROGRAM FILES\TAP\tap2000.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\notepad.exe

C:\program files\tapinfo\tapinfo.exe

C:\Program Files\ZipMail\zmailLN.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\a-squared\a2guard.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Tapinfo] "c:\program files\tapinfo\tapinfo.exe"

O4 - HKLM\..\Run: [Notes5.10] C:\Program Files\Notes\params\ParHKLM.exe

O4 - HKLM\..\Run: [VNCServer] "C:\Program Files\ORL\VNC\WinVNC.exe" -ServiceHelper

O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\ZipMail\zmailLN.exe" 033 hidden

O4 - HKLM\..\Run: [zipmail] C:\Program Files\ZipMail\params\ZipMail_Par.exe

O4 - HKLM\..\Run: [PARAMIE6] C:\Program Files\Internet Explorer\IE Install\ParamIE6.exe

O4 - HKLM\..\Run: [GAI Maj User GP421] "C:\Program Files\GP421\GAI\UpdtUsr.cmd"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - HKCU\..\Run: [qmkq] C:\PROGRA~1\FICHIE~1\qmkq\qmkqm.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Ouverture de Session.lnk = D:\WINNT\PDT\SCRIPTS\PDTRUN.CMD

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\mvj8l91u1.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe

 

 

VOILA MERCII ENCORE ^x^

[naheulbeuk]

bonsoir,

 

refais un scan hijackthis coche et fix ces lignes :

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Tapinfo] "c:\program files\tapinfo\tapinfo.exe"

O4 - HKLM\..\Run: [Notes5.10] C:\Program Files\Notes\params\ParHKLM.exe

O4 - HKLM\..\Run: [VNCServer] "C:\Program Files\ORL\VNC\WinVNC.exe" -ServiceHelper

O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\ZipMail\zmailLN.exe" 033 hidden

O4 - HKLM\..\Run: [zipmail] C:\Program Files\ZipMail\params\ZipMail_Par.exe

O4 - HKLM\..\Run: [PARAMIE6] C:\Program Files\Internet Explorer\IE Install\ParamIE6.exe

O4 - HKLM\..\Run: [GAI Maj User GP421] "C:\Program Files\GP421\GAI\UpdtUsr.cmd"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - HKCU\..\Run: [qmkq] C:\PROGRA~1\FICHIE~1\qmkq\qmkqm.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Ouverture de Session.lnk = D:\WINNT\PDT\SCRIPTS\PDTRUN.CMD

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab

 

ferme hijackthis et redémarre ton pc !

 

repost un nouveau rapport hijackthis

+ fais un scan panda en ligne :

ici

et post moi le rapport de ce scan ici une fois terminé !

 

A+

[Juli3tte]

C'est fait j'ai fixer tout ce que tu as préciser, Voici mon nouveau SCAN & je suis en train de faire analyser mon pc avec Panda !

 

Logfile of HijackThis v1.99.1

Scan saved at 21:15:08, on 08/04/2006

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\SUSS.EXE

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Hijack This\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\mvj8l91u1.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe

[naheulbeuk]

coucou,

comment se porte ta bécane ? faut maintenant que tu mettes ton système à jour sur windows update !

A+

[Juli3tte]

coucou,

comment se porte ta bécane ? faut maintenant que tu mettes ton système à jour sur windows update !

A+

 

 

Euuh . . . o__O J'ai pas trop compris ce que tu a voulu dire par "comment se porte ta bécane" XD !

Et comment mettre a jour windows ? :s sa aussi je n'ai pas trop compris . . . {Désolé j'ai un peu du mal}