Websites opening continually....
Solved/Closed
LUDOVI - Posts: 15 - Registered: Saturday 4 March 2006 - Status: Member - Last activity: 4 November 2006 - 5 March 2006 at 20:40
3 replies
green day - Posts: 26371 - Registered: Friday 30 September 2005 - Status: Moderator, Security contributor - Last activity: 27 December 2019 - 5 March 2006 at 20:54
Hi Ludo!
You should have continued in the other thread, but oh well ...
Now:
*Phase 2:
- Disconnect from the internet and close the browser and all other application windows;
- Double-click l2mfix.bat;
- Choose OPTION 2 (Run fix) and confirm with the [Enter] key;
- When prompted, press any key to restart the PC;
=> On restart, L2mFix continues the cleanup, then generates the cleanup result and opens it in Notepad; reconnect to post it to the forum.
Good luck, see you
LUDOVI - Posts: 15 - Registered: Saturday 4 March 2006 - Status: Member - Last activity: 4 November 2006 - 5 March 2006 at 21:18
Good evening green day
Here is the result of the second scan (Run fix) with l2mfix....
What should I do now???
Regards
LL2mfix 010406
Creating Account.
Le compte existe déjà.
Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 2224.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 700 'smss.exe'
Error 0x5 : Accès refusé.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 792 'winlogon.exe'
Killing PID 792 'winlogon.exe'
Killing PID 792 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Killing PID 508 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 460 'rundll32.exe'
Error 0x6 : Descripteur non valide
Restoring Sedebugprivilege:
Running From:
C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 700 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 792 'winlogon.exe'
Killing PID 792 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 268 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 636 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\__delete_on_reboot__wJ5inf16.dll
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__wJ5inf16.dll
Deleting: C:\WINDOWS\system32\ibvu9_32.dll
Successfully Deleted: C:\WINDOWS\system32\ibvu9_32.dll
Deleting: C:\WINDOWS\system32\jtpq0775e.dll
Successfully Deleted: C:\WINDOWS\system32\jtpq0775e.dll
Deleting: C:\WINDOWS\system32\lv8o09l3e.dll
Successfully Deleted: C:\WINDOWS\system32\lv8o09l3e.dll
msg11?.dll
0 fichier(s) copié(s).
Desktop.ini sucessfully removed
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en66l1js1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ibvu9_32.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__wJ5inf16.dll
C:\WINDOWS\system32\ibvu9_32.dll
C:\WINDOWS\system32\jtpq0775e.dll
C:\WINDOWS\system32\lv8o09l3e.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{469BF070-00A6-4BAD-94CB-EB8A7763BF56}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{469BF070-00A6-4BAD-94CB-EB8A7763BF56}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{469BF070-00A6-4BAD-94CB-EB8A7763BF56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{469BF070-00A6-4BAD-94CB-EB8A7763BF56}\InprocServer32]
@="C:\\WINDOWS\\system32\\mlcshext.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DD595706-F76F-4B61-8CD5-75A18459D265}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DD595706-F76F-4B61-8CD5-75A18459D265}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DD595706-F76F-4B61-8CD5-75A18459D265}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DD595706-F76F-4B61-8CD5-75A18459D265}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{639A055F-2E90-4266-8C9D-966C431221E4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{639A055F-2E90-4266-8C9D-966C431221E4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{639A055F-2E90-4266-8C9D-966C431221E4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{639A055F-2E90-4266-8C9D-966C431221E4}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{48AA9D8E-63B3-467F-BA0C-794ECE9D33DE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48AA9D8E-63B3-467F-BA0C-794ECE9D33DE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48AA9D8E-63B3-467F-BA0C-794ECE9D33DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{48AA9D8E-63B3-467F-BA0C-794ECE9D33DE}\InprocServer32]
@="C:\\WINDOWS\\system32\\ibvu9_32.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7B8C410F-B003-401B-BB09-2C88DC3C9677}"=-
"{4CD136BB-E91E-4E8D-A725-D4EB42145A33}"=-
"{80F7935C-F8DA-4D37-8CE7-88013893F64C}"=-
"{469BF070-00A6-4BAD-94CB-EB8A7763BF56}"=-
"{DD595706-F76F-4B61-8CD5-75A18459D265}"=-
"{639A055F-2E90-4266-8C9D-966C431221E4}"=-
"{48AA9D8E-63B3-467F-BA0C-794ECE9D33DE}"=-
[-HKEY_CLASSES_ROOT\CLSID\{7B8C410F-B003-401B-BB09-2C88DC3C9677}]
[-HKEY_CLASSES_ROOT\CLSID\{4CD136BB-E91E-4E8D-A725-D4EB42145A33}]
[-HKEY_CLASSES_ROOT\CLSID\{80F7935C-F8DA-4D37-8CE7-88013893F64C}]
[-HKEY_CLASSES_ROOT\CLSID\{469BF070-00A6-4BAD-94CB-EB8A7763BF56}]
[-HKEY_CLASSES_ROOT\CLSID\{DD595706-F76F-4B61-8CD5-75A18459D265}]
[-HKEY_CLASSES_ROOT\CLSID\{639A055F-2E90-4266-8C9D-966C431221E4}]
[-HKEY_CLASSES_ROOT\CLSID\{48AA9D8E-63B3-467F-BA0C-794ECE9D33DE}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/__delete_on_reboot__wJ5inf16.dll (deflated 4%)
adding: dlls/ibvu9_32.dll (deflated 4%)
adding: dlls/jtpq0775e.dll (deflated 5%)
adding: dlls/lv8o09l3e.dll (deflated 5%)
adding: backregs/notibac.reg (deflated 88%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/469BF070-00A6-4BAD-94CB-EB8A7763BF56.reg (deflated 69%)
adding: backregs/DD595706-F76F-4B61-8CD5-75A18459D265.reg (deflated 70%)
adding: backregs/639A055F-2E90-4266-8C9D-966C431221E4.reg (deflated 70%)
adding: backregs/48AA9D8E-63B3-467F-BA0C-794ECE9D33DE.reg (deflated 70%)
green day - Posts: 26371 - Registered: Friday 30 September 2005 - Status: Moderator, Security contributor - Last activity: 27 December 2019 - 5 March 2006 at 21:28
Re!
1) please post a new HijackThis report
2) online scan
http://www.bitdefender.fr/bd/site/search.php#
paste the entire report (if anything is found)
3) and tell us where things stand with your problems
See you