Aller au contenu

herisson38

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    79

  • Inscription

  • Dernière visite

Tout ce qui a été posté par herisson38

  1. herisson38
    Bonjour, voila !! j'ai suivi a la lettre !!! 1ER RAPPORT : L2mfix Beta 120905 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 532 'smss.exe' Killing PID 532 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Killing PID 620 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Killing PID 1708 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1416 'rundll32.exe' Killing PID 1416 'rundll32.exe' Killing PID 1416 'rundll32.exe' Killing PID 1416 'rundll32.exe' Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332 Granting SeDebugPrivilege to Administrateurs ... successful Granting SeDebugPrivilege to Administrat÷rer ... failed (GetAccountSid(Administrat÷rer)=1332 Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332 Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1332 Granting SeDebugPrivilege to Administratoren ... failed (GetAccountSid(Administratoren)=1332 Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Backing Up: C:\WINDOWS\system32\ahvpack.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\cgseqchk.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\cugmgr32.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\damsvinn.dLL 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\dCvclnt.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\dfwsock.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ennsl1571.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\f8j20i1oe8.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\f8l00i3me8.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\fnntext.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\gttuname.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\hqd.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\hrrq0595e.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\igseng.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\ir2ml5f11.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\irnol5531.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\iZssam.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\kcdhe.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\kmdkaz.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\l0p2la7o1d.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\l48mlel11hq.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\lqexpand.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\lv2209foe.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\lvns0957e.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\m0rmla911d.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\m4ls0e37eh.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\m8rm0i91e8.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\maoa.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mknetobj.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mql_hp.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\mvdtctm.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\n0p4la7q1d.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\n46q0ej5eho.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\n4l80e3ueh.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\nTl80e3ueh.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\pSutoenr.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\r8r60i9se8.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\scgina.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\teappcmp.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\uorv80a.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\uurdpa.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\vkajet32.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\vnpodbc.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\vwajet32.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\winotify.dll 1 fichier(s) copi‚(s). Backing Up: C:\WINDOWS\system32\wvhfr.dll 1 fichier(s) copi‚(s). deleting: C:\WINDOWS\system32\ahvpack.dll Successfully Deleted: C:\WINDOWS\system32\ahvpack.dll deleting: C:\WINDOWS\system32\cgseqchk.dll Successfully Deleted: C:\WINDOWS\system32\cgseqchk.dll deleting: C:\WINDOWS\system32\cugmgr32.dll Successfully Deleted: C:\WINDOWS\system32\cugmgr32.dll deleting: C:\WINDOWS\system32\damsvinn.dLL Successfully Deleted: C:\WINDOWS\system32\damsvinn.dLL deleting: C:\WINDOWS\system32\dCvclnt.dll Successfully Deleted: C:\WINDOWS\system32\dCvclnt.dll deleting: C:\WINDOWS\system32\dfwsock.dll Successfully Deleted: C:\WINDOWS\system32\dfwsock.dll deleting: C:\WINDOWS\system32\ennsl1571.dll Successfully Deleted: C:\WINDOWS\system32\ennsl1571.dll deleting: C:\WINDOWS\system32\f8j20i1oe8.dll Successfully Deleted: C:\WINDOWS\system32\f8j20i1oe8.dll deleting: C:\WINDOWS\system32\f8l00i3me8.dll Successfully Deleted: C:\WINDOWS\system32\f8l00i3me8.dll deleting: C:\WINDOWS\system32\fnntext.dll Successfully Deleted: C:\WINDOWS\system32\fnntext.dll deleting: C:\WINDOWS\system32\gttuname.dll Successfully Deleted: C:\WINDOWS\system32\gttuname.dll deleting: C:\WINDOWS\system32\hqd.dll Successfully Deleted: C:\WINDOWS\system32\hqd.dll deleting: C:\WINDOWS\system32\hrrq0595e.dll Successfully Deleted: C:\WINDOWS\system32\hrrq0595e.dll deleting: C:\WINDOWS\system32\igseng.dll Successfully Deleted: C:\WINDOWS\system32\igseng.dll deleting: C:\WINDOWS\system32\ir2ml5f11.dll Successfully Deleted: C:\WINDOWS\system32\ir2ml5f11.dll deleting: C:\WINDOWS\system32\irnol5531.dll Successfully Deleted: C:\WINDOWS\system32\irnol5531.dll deleting: C:\WINDOWS\system32\iZssam.dll Successfully Deleted: C:\WINDOWS\system32\iZssam.dll deleting: C:\WINDOWS\system32\kcdhe.dll Successfully Deleted: C:\WINDOWS\system32\kcdhe.dll deleting: C:\WINDOWS\system32\kmdkaz.dll Successfully Deleted: C:\WINDOWS\system32\kmdkaz.dll deleting: C:\WINDOWS\system32\l0p2la7o1d.dll Successfully Deleted: C:\WINDOWS\system32\l0p2la7o1d.dll deleting: C:\WINDOWS\system32\l48mlel11hq.dll Successfully Deleted: C:\WINDOWS\system32\l48mlel11hq.dll deleting: C:\WINDOWS\system32\lqexpand.dll Successfully Deleted: C:\WINDOWS\system32\lqexpand.dll deleting: C:\WINDOWS\system32\lv2209foe.dll Successfully Deleted: C:\WINDOWS\system32\lv2209foe.dll deleting: C:\WINDOWS\system32\lvns0957e.dll Successfully Deleted: C:\WINDOWS\system32\lvns0957e.dll deleting: C:\WINDOWS\system32\m0rmla911d.dll Successfully Deleted: C:\WINDOWS\system32\m0rmla911d.dll deleting: C:\WINDOWS\system32\m4ls0e37eh.dll Successfully Deleted: C:\WINDOWS\system32\m4ls0e37eh.dll deleting: C:\WINDOWS\system32\m8rm0i91e8.dll Successfully Deleted: C:\WINDOWS\system32\m8rm0i91e8.dll deleting: C:\WINDOWS\system32\maoa.dll Successfully Deleted: C:\WINDOWS\system32\maoa.dll deleting: C:\WINDOWS\system32\mknetobj.dll Successfully Deleted: C:\WINDOWS\system32\mknetobj.dll deleting: C:\WINDOWS\system32\mql_hp.dll Successfully Deleted: C:\WINDOWS\system32\mql_hp.dll deleting: C:\WINDOWS\system32\mvdtctm.dll Successfully Deleted: C:\WINDOWS\system32\mvdtctm.dll deleting: C:\WINDOWS\system32\n0p4la7q1d.dll Successfully Deleted: C:\WINDOWS\system32\n0p4la7q1d.dll deleting: C:\WINDOWS\system32\n46q0ej5eho.dll Successfully Deleted: C:\WINDOWS\system32\n46q0ej5eho.dll deleting: C:\WINDOWS\system32\n4l80e3ueh.dll Successfully Deleted: C:\WINDOWS\system32\n4l80e3ueh.dll deleting: C:\WINDOWS\system32\nTl80e3ueh.dll Successfully Deleted: C:\WINDOWS\system32\nTl80e3ueh.dll deleting: C:\WINDOWS\system32\pSutoenr.dll Successfully Deleted: C:\WINDOWS\system32\pSutoenr.dll deleting: C:\WINDOWS\system32\r8r60i9se8.dll Successfully Deleted: C:\WINDOWS\system32\r8r60i9se8.dll deleting: C:\WINDOWS\system32\scgina.dll Successfully Deleted: C:\WINDOWS\system32\scgina.dll deleting: C:\WINDOWS\system32\teappcmp.dll Successfully Deleted: C:\WINDOWS\system32\teappcmp.dll deleting: C:\WINDOWS\system32\uorv80a.dll Successfully Deleted: C:\WINDOWS\system32\uorv80a.dll deleting: C:\WINDOWS\system32\uurdpa.dll Successfully Deleted: C:\WINDOWS\system32\uurdpa.dll deleting: C:\WINDOWS\system32\vkajet32.dll Successfully Deleted: C:\WINDOWS\system32\vkajet32.dll deleting: C:\WINDOWS\system32\vnpodbc.dll Successfully Deleted: C:\WINDOWS\system32\vnpodbc.dll deleting: C:\WINDOWS\system32\vwajet32.dll Successfully Deleted: C:\WINDOWS\system32\vwajet32.dll deleting: C:\WINDOWS\system32\winotify.dll Successfully Deleted: C:\WINDOWS\system32\winotify.dll deleting: C:\WINDOWS\system32\wvhfr.dll Successfully Deleted: C:\WINDOWS\system32\wvhfr.dll Zipping up files for submission: zip warning: name not matched: guard.tmp zip error: Nothing to do! (backup.zip) adding: Documents and Settings/Seabra Alvaro/Bureau/l2mfix/backregs/notibac.reg (164 bytes security) (deflated 87%) adding: Documents and Settings/Seabra Alvaro/Bureau/l2mfix/backregs/shell.reg (164 bytes security) (deflated 73%) Restoring Sedebugprivilege: Restoring Windows Update Certificates.: deleting local copy: ahvpack.dll deleting local copy: cgseqchk.dll deleting local copy: cugmgr32.dll deleting local copy: damsvinn.dLL deleting local copy: dCvclnt.dll deleting local copy: dfwsock.dll deleting local copy: ennsl1571.dll deleting local copy: f8j20i1oe8.dll deleting local copy: f8l00i3me8.dll deleting local copy: fnntext.dll deleting local copy: gttuname.dll deleting local copy: hqd.dll deleting local copy: hrrq0595e.dll deleting local copy: igseng.dll deleting local copy: ir2ml5f11.dll deleting local copy: irnol5531.dll deleting local copy: iZssam.dll deleting local copy: kcdhe.dll deleting local copy: kmdkaz.dll deleting local copy: l0p2la7o1d.dll deleting local copy: l48mlel11hq.dll deleting local copy: lqexpand.dll deleting local copy: lv2209foe.dll deleting local copy: lvns0957e.dll deleting local copy: m0rmla911d.dll deleting local copy: m4ls0e37eh.dll deleting local copy: m8rm0i91e8.dll deleting local copy: maoa.dll deleting local copy: mknetobj.dll deleting local copy: mql_hp.dll deleting local copy: mvdtctm.dll deleting local copy: n0p4la7q1d.dll deleting local copy: n46q0ej5eho.dll deleting local copy: n4l80e3ueh.dll deleting local copy: nTl80e3ueh.dll deleting local copy: pSutoenr.dll deleting local copy: r8r60i9se8.dll deleting local copy: scgina.dll deleting local copy: teappcmp.dll deleting local copy: uorv80a.dll deleting local copy: uurdpa.dll deleting local copy: vkajet32.dll deleting local copy: vnpodbc.dll deleting local copy: vwajet32.dll deleting local copy: winotify.dll deleting local copy: wvhfr.dll The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\m0rmla911d.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxxx] "Asynchronous"=dword:00000001 "DllName"="C:\\WINDOWS\\System32\\byxxx.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 The following are the files found: **************************************************************************** C:\WINDOWS\system32\ahvpack.dll C:\WINDOWS\system32\cgseqchk.dll C:\WINDOWS\system32\cugmgr32.dll C:\WINDOWS\system32\damsvinn.dLL C:\WINDOWS\system32\dCvclnt.dll C:\WINDOWS\system32\dfwsock.dll C:\WINDOWS\system32\ennsl1571.dll C:\WINDOWS\system32\f8j20i1oe8.dll C:\WINDOWS\system32\f8l00i3me8.dll C:\WINDOWS\system32\fnntext.dll C:\WINDOWS\system32\gttuname.dll C:\WINDOWS\system32\hqd.dll C:\WINDOWS\system32\hrrq0595e.dll C:\WINDOWS\system32\igseng.dll C:\WINDOWS\system32\ir2ml5f11.dll C:\WINDOWS\system32\irnol5531.dll C:\WINDOWS\system32\iZssam.dll C:\WINDOWS\system32\kcdhe.dll C:\WINDOWS\system32\kmdkaz.dll C:\WINDOWS\system32\l0p2la7o1d.dll C:\WINDOWS\system32\l48mlel11hq.dll C:\WINDOWS\system32\lqexpand.dll C:\WINDOWS\system32\lv2209foe.dll C:\WINDOWS\system32\lvns0957e.dll C:\WINDOWS\system32\m0rmla911d.dll C:\WINDOWS\system32\m4ls0e37eh.dll C:\WINDOWS\system32\m8rm0i91e8.dll C:\WINDOWS\system32\maoa.dll C:\WINDOWS\system32\mknetobj.dll C:\WINDOWS\system32\mql_hp.dll C:\WINDOWS\system32\mvdtctm.dll C:\WINDOWS\system32\n0p4la7q1d.dll C:\WINDOWS\system32\n46q0ej5eho.dll C:\WINDOWS\system32\n4l80e3ueh.dll C:\WINDOWS\system32\nTl80e3ueh.dll C:\WINDOWS\system32\pSutoenr.dll C:\WINDOWS\system32\r8r60i9se8.dll C:\WINDOWS\system32\scgina.dll C:\WINDOWS\system32\teappcmp.dll C:\WINDOWS\system32\uorv80a.dll C:\WINDOWS\system32\uurdpa.dll C:\WINDOWS\system32\vkajet32.dll C:\WINDOWS\system32\vnpodbc.dll C:\WINDOWS\system32\vwajet32.dll C:\WINDOWS\system32\winotify.dll C:\WINDOWS\system32\wvhfr.dll Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}] @="" [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}\InprocServer32] @="C:\\WINDOWS\\system32\\winotify.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}] @="" [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}\InprocServer32] @="C:\\WINDOWS\\system32\\cgseqchk.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}] @="" [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}\InprocServer32] @="C:\\WINDOWS\\system32\\dCvclnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}] @="" [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}\InprocServer32] @="C:\\WINDOWS\\system32\\dfwsock.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}] @="" [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}\InprocServer32] @="C:\\WINDOWS\\system32\\vkajet32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}] @="" [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}\InprocServer32] @="C:\\WINDOWS\\system32\\teappcmp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}] @="" [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}] @="" [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}\InprocServer32] @="C:\\WINDOWS\\system32\\scgina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}\InprocServer32] @="C:\\WINDOWS\\system32\\pSutoenr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}] @="" [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}\InprocServer32] @="C:\\WINDOWS\\system32\\uorv80a.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}] @="" [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}\InprocServer32] @="C:\\WINDOWS\\system32\\kmdkaz.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}] @="" [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}\InprocServer32] @="C:\\WINDOWS\\system32\\damsvinn.dLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}] @="" [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}\InprocServer32] @="C:\\WINDOWS\\system32\\lqexpand.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}] @="" [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}\InprocServer32] @="C:\\WINDOWS\\system32\\iZssam.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}] @="" [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}\InprocServer32] @="C:\\WINDOWS\\system32\\mql_hp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}\InprocServer32] @="C:\\WINDOWS\\system32\\fnntext.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}] @="" [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}\InprocServer32] @="C:\\WINDOWS\\system32\\mvdtctm.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}] @="" [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}] @="" [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}\InprocServer32] @="C:\\WINDOWS\\system32\\nTl80e3ueh.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{4CCC8988-6CEF-4494-B633-C551730DEB29}"= "{A3442736-583A-4F68-ACBE-650C04BAA1AB}"= "{16F1002D-7D86-42F1-8770-0E8755BA68F8}"= "{33E8DEDB-D688-4FA1-AE36-744F51269326}"= "{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}"= "{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}"= "{9FC45132-AAAB-4328-B124-8A5366DFCD81}"= "{396075C5-B8F2-423F-A317-E8323C80FA69}"= "{59313572-04CB-4296-A477-8AD21B4CBEC4}"= "{806942EE-5FA0-48CB-8201-837C94435456}"= "{DB8067A6-6836-4F0F-AB38-E9E570B91332}"= "{AE2A350D-33AE-4264-AB24-C39DA44959E9}"= "{1A133A57-03B5-4945-A142-88B51138DEB8}"= "{B4D3C635-A656-46BD-8316-D58FD52946BA}"= "{DC024900-3F54-4180-834B-93D055B53E48}"= "{E3254A37-8CEC-4F58-A8AB-7553B07883BD}"= "{988B51C4-149B-4FEE-975B-293EFE301662}"= "{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}"= "{4F035F34-7489-450C-9355-399B2CCA7114}"= "{9F0048CC-0118-4FEB-9E51-3117F58881CF}"= "{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}"= "{350DEE64-F7BB-4699-9CD4-1BDECE32F540}"= [-HKEY_CLASSES_ROOT\CLSID\{4CCC8988-6CEF-4494-B633-C551730DEB29}] [-HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}] [-HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}] [-HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}] [-HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}] [-HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}] [-HKEY_CLASSES_ROOT\CLSID\{9FC45132-AAAB-4328-B124-8A5366DFCD81}] [-HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}] [-HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}] [-HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}] [-HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}] [-HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}] [-HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}] [-HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}] [-HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}] [-HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}] [-HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}] [-HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}] [-HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}] [-HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}] [-HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}] [-HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** C:\WINDOWS\System32\0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56.reg C:\WINDOWS\System32\16F1002D-7D86-42F1-8770-0E8755BA68F8.reg C:\WINDOWS\System32\1A133A57-03B5-4945-A142-88B51138DEB8.reg C:\WINDOWS\System32\33E8DEDB-D688-4FA1-AE36-744F51269326.reg C:\WINDOWS\System32\350DEE64-F7BB-4699-9CD4-1BDECE32F540.reg C:\WINDOWS\System32\396075C5-B8F2-423F-A317-E8323C80FA69.reg C:\WINDOWS\System32\4F035F34-7489-450C-9355-399B2CCA7114.reg C:\WINDOWS\System32\59313572-04CB-4296-A477-8AD21B4CBEC4.reg C:\WINDOWS\System32\806942EE-5FA0-48CB-8201-837C94435456.reg C:\WINDOWS\System32\880F2FF9-D15B-45E3-B62B-BFEE14092CF6.reg C:\WINDOWS\System32\8E1DE036-EF66-4FD6-B3FC-398B782D0ED5.reg C:\WINDOWS\System32\988B51C4-149B-4FEE-975B-293EFE301662.reg C:\WINDOWS\System32\9F0048CC-0118-4FEB-9E51-3117F58881CF.reg C:\WINDOWS\System32\A3442736-583A-4F68-ACBE-650C04BAA1AB.reg C:\WINDOWS\System32\AE2A350D-33AE-4264-AB24-C39DA44959E9.reg C:\WINDOWS\System32\B0F0AAA9-69A6-43E3-A002-0900BA9C4E61.reg C:\WINDOWS\System32\B4D3C635-A656-46BD-8316-D58FD52946BA.reg C:\WINDOWS\System32\DB8067A6-6836-4F0F-AB38-E9E570B91332.reg C:\WINDOWS\System32\DC024900-3F54-4180-834B-93D055B53E48.reg C:\WINDOWS\System32\E3254A37-8CEC-4F58-A8AB-7553B07883BD.reg Checking for L2MFix account(0=no 1=yes): 0 adding: dlls/ahvpack.dll (164 bytes security) (deflated 5%) adding: dlls/cgseqchk.dll (164 bytes security) (deflated 4%) adding: dlls/cugmgr32.dll (164 bytes security) (deflated 4%) adding: dlls/damsvinn.dLL (164 bytes security) (deflated 4%) adding: dlls/dCvclnt.dll (164 bytes security) (deflated 4%) adding: dlls/dfwsock.dll (164 bytes security) (deflated 5%) adding: dlls/ennsl1571.dll (164 bytes security) (deflated 4%) adding: dlls/f8j20i1oe8.dll (164 bytes security) (deflated 5%) adding: dlls/f8l00i3me8.dll (164 bytes security) (deflated 4%) adding: dlls/fnntext.dll (164 bytes security) (deflated 5%) adding: dlls/gttuname.dll (164 bytes security) (deflated 4%) adding: dlls/hqd.dll (164 bytes security) (deflated 5%) adding: dlls/hrrq0595e.dll (164 bytes security) (deflated 6%) adding: dlls/igseng.dll (164 bytes security) (deflated 5%) adding: dlls/ir2ml5f11.dll (164 bytes security) (deflated 5%) adding: dlls/irnol5531.dll (164 bytes security) (deflated 5%) adding: dlls/iZssam.dll (164 bytes security) (deflated 4%) adding: dlls/kcdhe.dll (164 bytes security) (deflated 5%) adding: dlls/kmdkaz.dll (164 bytes security) (deflated 5%) adding: dlls/l0p2la7o1d.dll (164 bytes security) (deflated 5%) adding: dlls/l48mlel11hq.dll (164 bytes security) (deflated 5%) adding: dlls/lqexpand.dll (164 bytes security) (deflated 5%) adding: dlls/lv2209foe.dll (164 bytes security) (deflated 4%) adding: dlls/lvns0957e.dll (164 bytes security) (deflated 5%) adding: dlls/m0rmla911d.dll (164 bytes security) (deflated 5%) adding: dlls/m4ls0e37eh.dll (164 bytes security) (deflated 5%) adding: dlls/m8rm0i91e8.dll (164 bytes security) (deflated 4%) adding: dlls/maoa.dll (164 bytes security) (deflated 5%) adding: dlls/mknetobj.dll (164 bytes security) (deflated 4%) adding: dlls/mql_hp.dll (164 bytes security) (deflated 5%) adding: dlls/mvdtctm.dll (164 bytes security) (deflated 5%) adding: dlls/n0p4la7q1d.dll (164 bytes security) (deflated 5%) adding: dlls/n46q0ej5eho.dll (164 bytes security) (deflated 5%) adding: dlls/n4l80e3ueh.dll (164 bytes security) (deflated 5%) adding: dlls/nTl80e3ueh.dll (164 bytes security) (deflated 5%) adding: dlls/pSutoenr.dll (164 bytes security) (deflated 5%) adding: dlls/r8r60i9se8.dll (164 bytes security) (deflated 5%) adding: dlls/scgina.dll (164 bytes security) (deflated 5%) adding: dlls/teappcmp.dll (164 bytes security) (deflated 5%) adding: dlls/uorv80a.dll (164 bytes security) (deflated 5%) adding: dlls/uurdpa.dll (164 bytes security) (deflated 5%) adding: dlls/vkajet32.dll (164 bytes security) (deflated 5%) adding: dlls/vnpodbc.dll (164 bytes security) (deflated 5%) adding: dlls/vwajet32.dll (164 bytes security) (deflated 5%) adding: dlls/winotify.dll (164 bytes security) (deflated 4%) adding: dlls/wvhfr.dll (164 bytes security) (deflated 5%) 2EME RAPPORT: Logfile of HijackThis v1.99.1 Scan saved at 21:07:44, on 12/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\atievxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\ctfmon.exe C:\Documents and Settings\Seabra Alvaro\Mes documents\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\System32\byxxx.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsfd.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\m0rmla911d.dll (file missing) O20 - Winlogon Notify: byxxx - C:\WINDOWS\System32\byxxx.dll O21 - SSODL: winmgmt - {07CB7C7A-90D4-A868-EED7-E7E77B138A44} - C:\WINDOWS\help\clipbrd.hlp O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing) merci encore ...
  2. herisson38
    salut ! merci pour tes infos et voici les rapports demander Logfile of HijackThis v1.99.1 Scan saved at 00:04:06, on 12/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\atievxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Seabra Alvaro\Mes documents\HijackThis.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\System32\byxxx.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsfd.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: byxxx - C:\WINDOWS\System32\byxxx.dll O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\l82s0if7e82.dll O21 - SSODL: winmgmt - {07CB7C7A-90D4-A868-EED7-E7E77B138A44} - C:\WINDOWS\help\clipbrd.hlp O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing) VundoFix V2.15 by Atri -------------------------------------------------------------------------------------- Listing files contained in the vundofix folder. -------------------------------------------------------------------------------------- killvundo.bat process.exe ReadMe.txt vundo.reg vundofix.txt -------------------------------------------------------------------------------------- Filepaths entered -------------------------------------------------------------------------------------- The filepath entered was c:\windows\system32\byxxx.dll The second filepath entered was c:\windows\system32\xxxyb.* -------------------------------------------------------------------------------------- Log from Process -------------------------------------------------------------------------------------- Killing PID 532 'smss.exe' Error 0x6 : Descripteur non valide Killing PID 1840 'explorer.exe' Killing PID 1840 'explorer.exe' Killing PID 1840 'explorer.exe' Killing PID 1840 'explorer.exe' Killing PID 1840 'explorer.exe' Killing PID 620 'winlogon.exe' Error 0x6 : Descripteur non valide -------------------------------------------------------------------------------------- Could not delete c:\windows\system32\byxxx.dll. c:\windows\system32\xxxyb.* Deleted sucessfully. Fixing Registry -------------------------------------------------------------------------------------- en effet c'est tres long!!!!! L2MFIX find log 120905 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] "Asynchronous"=dword:00000000 "DllName"="" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxxx] "Asynchronous"=dword:00000001 "DllName"="C:\\WINDOWS\\System32\\byxxx.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Unimodem] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\l82s0if7e82.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{F4D51973-BE69-D07E-56B8-16E88D967762}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension" "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension" "{4CCC8988-6CEF-4494-B633-C551730DEB29}"="" "{A3442736-583A-4F68-ACBE-650C04BAA1AB}"="" "{16F1002D-7D86-42F1-8770-0E8755BA68F8}"="" "{33E8DEDB-D688-4FA1-AE36-744F51269326}"="" "{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}"="" "{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}"="" "{9FC45132-AAAB-4328-B124-8A5366DFCD81}"="" "{396075C5-B8F2-423F-A317-E8323C80FA69}"="" "{59313572-04CB-4296-A477-8AD21B4CBEC4}"="" "{A5B83E36-5D16-47E8-BADB-6EE748B33093}"="TZ Shredder Context Menu" "{806942EE-5FA0-48CB-8201-837C94435456}"="" "{DB8067A6-6836-4F0F-AB38-E9E570B91332}"="" "{AE2A350D-33AE-4264-AB24-C39DA44959E9}"="" "{1A133A57-03B5-4945-A142-88B51138DEB8}"="" "{B4D3C635-A656-46BD-8316-D58FD52946BA}"="" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" "{DC024900-3F54-4180-834B-93D055B53E48}"="" "{E3254A37-8CEC-4F58-A8AB-7553B07883BD}"="" "{988B51C4-149B-4FEE-975B-293EFE301662}"="" "{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}"="" "{4F035F34-7489-450C-9355-399B2CCA7114}"="" "{9F0048CC-0118-4FEB-9E51-3117F58881CF}"="" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}"="" "{350DEE64-F7BB-4699-9CD4-1BDECE32F540}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}] @="" [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A3442736-583A-4F68-ACBE-650C04BAA1AB}\InprocServer32] @="C:\\WINDOWS\\system32\\winotify.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}] @="" [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{16F1002D-7D86-42F1-8770-0E8755BA68F8}\InprocServer32] @="C:\\WINDOWS\\system32\\cgseqchk.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}] @="" [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{33E8DEDB-D688-4FA1-AE36-744F51269326}\InprocServer32] @="C:\\WINDOWS\\system32\\dCvclnt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}] @="" [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{8E1DE036-EF66-4FD6-B3FC-398B782D0ED5}\InprocServer32] @="C:\\WINDOWS\\system32\\dfwsock.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}] @="" [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B0F0AAA9-69A6-43E3-A002-0900BA9C4E61}\InprocServer32] @="C:\\WINDOWS\\system32\\vkajet32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}] @="" [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{396075C5-B8F2-423F-A317-E8323C80FA69}\InprocServer32] @="C:\\WINDOWS\\system32\\teappcmp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}] @="" [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{59313572-04CB-4296-A477-8AD21B4CBEC4}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}] @="" [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{806942EE-5FA0-48CB-8201-837C94435456}\InprocServer32] @="C:\\WINDOWS\\system32\\scgina.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB8067A6-6836-4F0F-AB38-E9E570B91332}\InprocServer32] @="C:\\WINDOWS\\system32\\pSutoenr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}] @="" [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AE2A350D-33AE-4264-AB24-C39DA44959E9}\InprocServer32] @="C:\\WINDOWS\\system32\\uorv80a.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A133A57-03B5-4945-A142-88B51138DEB8}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}] @="" [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B4D3C635-A656-46BD-8316-D58FD52946BA}\InprocServer32] @="C:\\WINDOWS\\system32\\kmdkaz.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}] @="" [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DC024900-3F54-4180-834B-93D055B53E48}\InprocServer32] @="C:\\WINDOWS\\system32\\damsvinn.dLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}] @="" [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E3254A37-8CEC-4F58-A8AB-7553B07883BD}\InprocServer32] @="C:\\WINDOWS\\system32\\lqexpand.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}] @="" [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{988B51C4-149B-4FEE-975B-293EFE301662}\InprocServer32] @="C:\\WINDOWS\\system32\\iZssam.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}] @="" [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{0E7B6F1F-FECD-403E-9C3B-7CE56BAF4F56}\InprocServer32] @="C:\\WINDOWS\\system32\\mql_hp.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4F035F34-7489-450C-9355-399B2CCA7114}\InprocServer32] @="C:\\WINDOWS\\system32\\fnntext.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}] @="" [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{9F0048CC-0118-4FEB-9E51-3117F58881CF}\InprocServer32] @="C:\\WINDOWS\\system32\\mvdtctm.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}] @="" [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{880F2FF9-D15B-45E3-B62B-BFEE14092CF6}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}] @="" [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{350DEE64-F7BB-4699-9CD4-1BDECE32F540}\InprocServer32] @="C:\\WINDOWS\\system32\\ksdes.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ ahvpack.dll Sat 10 Dec 2005 9:26:30 A.S.R 235 790 230,26 K byxxx.dll Tue 6 Dec 2005 19:35:44 ..... 557 108 544,05 K cbawx.dll Mon 5 Dec 2005 19:54:04 A.SH. 557 108 544,05 K cbaxw.dll Mon 5 Dec 2005 22:45:56 A.SH. 27 661 27,01 K cgseqchk.dll Sun 4 Dec 2005 16:01:36 A.S.R 234 525 229,03 K cugmgr32.dll Fri 9 Dec 2005 23:43:50 A.S.R 233 807 228,32 K damsvinn.dll Fri 9 Dec 2005 23:26:58 A.S.R 233 807 228,32 K dcvclnt.dll Sun 4 Dec 2005 18:10:16 A.S.R 234 272 228,78 K ddaba.dll Mon 5 Dec 2005 21:01:44 A.SH. 27 661 27,01 K dfwsock.dll Mon 5 Dec 2005 20:56:18 A.S.R 235 856 230,33 K efcaw.dll Mon 5 Dec 2005 20:05:06 A.SH. 27 661 27,01 K ennsl1~1.dll Sun 4 Dec 2005 23:45:18 A.S.R 234 272 228,78 K f8j20i~1.dll Mon 5 Dec 2005 19:46:10 A.S.R 235 912 230,38 K f8l00i~1.dll Sun 4 Dec 2005 20:50:16 A.S.R 234 525 229,03 K fcyax.dll Sun 4 Dec 2005 19:38:32 A.SH. 27 661 27,01 K fnntext.dll Sun 11 Dec 2005 14:41:14 A.S.R 234 353 228,86 K gttuname.dll Sat 10 Dec 2005 10:13:44 A.S.R 233 480 228,01 K hgdcy.dll Sun 4 Dec 2005 22:39:32 A.SH. 27 661 27,01 K hggda.dll Mon 5 Dec 2005 19:51:02 A.SH. 27 661 27,01 K hqd.dll Tue 6 Dec 2005 21:59:10 A.S.R 236 980 231,43 K hrrq05~1.dll Sun 11 Dec 2005 17:29:50 A.... 236 959 231,40 K igseng.dll Sat 10 Dec 2005 9:56:38 A.S.R 235 790 230,26 K ir2ml5~1.dll Fri 9 Dec 2005 23:19:30 A.S.R 236 968 231,41 K izssam.dll Sun 11 Dec 2005 12:23:02 A.S.R 233 508 228,04 K kcdhe.dll Sun 11 Dec 2005 18:39:44 ..S.R 234 353 228,86 K khfcy.dll Mon 5 Dec 2005 23:08:22 A.SH. 27 661 27,01 K kmdkaz.dll Fri 9 Dec 2005 17:59:18 A.S.R 236 968 231,41 K ksdes.dll Sun 11 Dec 2005 23:39:38 ..S.R 234 353 228,86 K l0p2la~1.dll Sun 11 Dec 2005 20:38:22 ..S.R 234 361 228,87 K l48mle~1.dll Sat 10 Dec 2005 10:13:42 A.S.R 234 664 229,16 K l82s0i~1.dll Sun 11 Dec 2005 19:15:32 ..S.R 234 353 228,86 K lqexpand.dll Fri 9 Dec 2005 23:57:36 A.S.R 234 921 229,41 K lv2209~1.dll Mon 5 Dec 2005 22:56:26 A.S.R 234 076 228,59 K lvns09~1.dll Sun 11 Dec 2005 22:24:06 ..S.R 234 353 228,86 K m0rmla~1.dll Sun 11 Dec 2005 23:16:02 ..S.R 234 353 228,86 K m4ls0e~1.dll Sun 11 Dec 2005 22:14:22 ..S.R 234 353 228,86 K m8rm0i~1.dll Sun 11 Dec 2005 13:04:02 A.S.R 233 508 228,04 K maoa.dll Sun 11 Dec 2005 17:12:30 A.S.R 234 353 228,86 K mknetobj.dll Sat 10 Dec 2005 0:21:18 A.S.R 233 807 228,32 K mljgg.dll Mon 5 Dec 2005 22:18:28 A.SH. 27 661 27,01 K mql_hp.dll Sun 11 Dec 2005 13:10:56 A.S.R 234 353 228,86 K msvcp71.dll Sun 4 Dec 2005 12:12:14 A.... 499 712 488,00 K msvcr71.dll Sun 4 Dec 2005 12:12:14 A.... 348 160 340,00 K mvdtctm.dll Sun 11 Dec 2005 19:19:16 ..S.R 234 361 228,87 K n0p4la~1.dll Sat 10 Dec 2005 10:19:10 A.S.R 234 978 229,47 K n46q0e~1.dll Sat 10 Dec 2005 0:34:46 A.S.R 236 354 230,81 K n4l80e~1.dll Sat 10 Dec 2005 0:29:44 A.S.R 235 790 230,26 K psutoenr.dll Thu 8 Dec 2005 21:56:00 A.S.R 236 968 231,41 K qomjj.dll Sun 4 Dec 2005 14:24:30 A.SH. 27 661 27,01 K qopnl.dll Sun 4 Dec 2005 23:32:28 A.SH. 27 661 27,01 K r8r60i~1.dll Tue 6 Dec 2005 22:03:12 A.S.R 236 980 231,43 K scgina.dll Thu 8 Dec 2005 21:09:28 A.S.R 236 968 231,41 K sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K ssqpq.dll Mon 5 Dec 2005 22:56:28 A.SH. 27 661 27,01 K teappcmp.dll Tue 6 Dec 2005 19:46:28 A.S.R 236 968 231,41 K uorv80a.dll Thu 8 Dec 2005 22:37:26 A.S.R 236 968 231,41 K urqon.dll Sun 4 Dec 2005 13:02:00 A.SH. 27 661 27,01 K uurdpa.dll Sun 11 Dec 2005 17:09:00 A.S.R 235 137 229,63 K vkajet32.dll Mon 5 Dec 2005 22:41:54 A.S.R 236 419 230,88 K vnpodbc.dll Fri 9 Dec 2005 23:37:08 A.S.R 234 921 229,41 K vtssq.dll Tue 6 Dec 2005 19:33:12 A.SH. 27 661 27,01 K vwajet32.dll Sun 11 Dec 2005 17:15:08 A.S.R 236 364 230,82 K winotify.dll Sun 4 Dec 2005 14:20:52 A.S.R 234 272 228,78 K wvhfr.dll Sat 10 Dec 2005 0:29:44 A.S.R 234 956 229,45 K wvwtt.dll Sun 4 Dec 2005 16:04:34 A.SH. 27 661 27,01 K 65 items found: 65 files (60 H/S), 0 directories. Total of file sizes: 13 284 463 bytes 12,67 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ xxxyb.tmp Sun 11 Dec 2005 23:56:46 ..SH. 373 742 364,98 K 1 item found: 1 file (1 H/S), 0 directories. Total of file sizes: 373 742 bytes 364,98 K ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est DC61-48BB R‚pertoire de C:\WINDOWS\System32 12/12/2005 00:37 373ÿ742 xxxyb.ini2 11/12/2005 23:56 373ÿ742 xxxyb.tmp 11/12/2005 23:46 373ÿ099 xxxyb.bak1 11/12/2005 23:39 234ÿ353 ksdes.dll 11/12/2005 23:16 234ÿ353 m0rmla911d.dll 11/12/2005 22:24 234ÿ353 lvns0957e.dll 11/12/2005 22:14 234ÿ353 m4ls0e37eh.dll 11/12/2005 20:38 234ÿ361 l0p2la7o1d.dll 11/12/2005 19:19 234ÿ361 mvdtctm.dll 11/12/2005 19:15 234ÿ353 l82s0if7e82.dll 11/12/2005 18:39 234ÿ353 kcdhe.dll 11/12/2005 18:34 <REP> dllcache 11/12/2005 17:15 236ÿ364 vwajet32.dll 11/12/2005 17:12 234ÿ353 maoa.dll 11/12/2005 17:08 235ÿ137 uurdpa.dll 11/12/2005 14:41 234ÿ353 fnntext.dll 11/12/2005 13:10 234ÿ353 mql_hp.dll 11/12/2005 13:04 233ÿ508 m8rm0i91e8.dll 11/12/2005 12:23 233ÿ508 iZssam.dll 10/12/2005 10:19 234ÿ978 n0p4la7q1d.dll 10/12/2005 10:13 233ÿ480 gttuname.dll 10/12/2005 10:13 234ÿ664 l48mlel11hq.dll 10/12/2005 09:56 235ÿ790 igseng.dll 10/12/2005 09:26 235ÿ790 ahvpack.dll 10/12/2005 00:34 236ÿ354 n46q0ej5eho.dll 10/12/2005 00:29 234ÿ956 wvhfr.dll 10/12/2005 00:29 235ÿ790 n4l80e3ueh.dll 10/12/2005 00:21 233ÿ807 mknetobj.dll 09/12/2005 23:57 234ÿ921 lqexpand.dll 09/12/2005 23:43 233ÿ807 cugmgr32.dll 09/12/2005 23:37 234ÿ921 vnpodbc.dll 09/12/2005 23:26 233ÿ807 damsvinn.dLL 09/12/2005 23:19 236ÿ968 ir2ml5f11.dll 09/12/2005 17:59 236ÿ968 kmdkaz.dll 08/12/2005 22:37 236ÿ968 uorv80a.dll 08/12/2005 21:55 236ÿ968 pSutoenr.dll 08/12/2005 21:09 236ÿ968 scgina.dll 06/12/2005 22:03 236ÿ980 r8r60i9se8.dll 06/12/2005 21:59 236ÿ980 hqd.dll 06/12/2005 19:46 236ÿ968 teappcmp.dll 06/12/2005 19:33 27ÿ661 vtssq.dll 05/12/2005 23:08 27ÿ661 khfcy.dll 05/12/2005 22:56 27ÿ661 ssqpq.dll 05/12/2005 22:56 234ÿ076 lv2209foe.dll 05/12/2005 22:45 27ÿ661 cbaxw.dll 05/12/2005 22:41 236ÿ419 vkajet32.dll 05/12/2005 22:18 27ÿ661 mljgg.dll 05/12/2005 21:01 27ÿ661 ddaba.dll 05/12/2005 20:56 235ÿ856 dfwsock.dll 05/12/2005 20:05 27ÿ661 efcaw.dll 05/12/2005 19:56 338 xwabc.ini 05/12/2005 19:54 557ÿ108 cbawx.dll 05/12/2005 19:51 27ÿ661 hggda.dll 05/12/2005 19:46 235ÿ912 f8j20i1oe8.dll 04/12/2005 23:45 234ÿ272 ennsl1571.dll 04/12/2005 23:32 27ÿ661 qopnl.dll 04/12/2005 22:39 27ÿ661 hgdcy.dll 04/12/2005 20:50 234ÿ525 f8l00i3me8.dll 04/12/2005 19:38 27ÿ661 fcyax.dll 04/12/2005 18:10 234ÿ272 dCvclnt.dll 04/12/2005 16:04 27ÿ661 wvwtt.dll 04/12/2005 16:01 234ÿ525 cgseqchk.dll 04/12/2005 14:24 27ÿ661 qomjj.dll 04/12/2005 14:20 234ÿ272 winotify.dll 04/12/2005 13:03 <REP> Microsoft 04/12/2005 13:01 27ÿ661 urqon.dll 64 fichier(s) 12ÿ644ÿ661 octets 2 R‚p(s) 4ÿ527ÿ767ÿ552 octets libres voila !! du charrabia pour moi au faite dans ms ins config et ms dns service etaient deja arreter mais pas desactivees alors j'ai seulement desactiver j'espere que j'ai pas fais de betises?
  3. herisson38
    j'ai appliquer a la lettre vos procedure jusqu'au mode sans echec j'arrive bien a le relancer mais le bureau n'apparait pas alors je ne peu aller sur l'exploreur windows l'ecran reste noir avec sur les 4 coins le l'ecran ecrit "mode sans echec" ????? j'ai aussi essayer avec le lien que vous m'avez donner et sa fais la meme chose ?? j'espere que sa n'est pas trop grave?
  4. herisson38
    tout d'abord un grand merci pour la reponse ultra rapide de mes soucis de popup. Quel talent !!!! je pars de suite avec mes remedes et reviendrais afin d'avoir vos conseils pour eviter que sa ne se reproduisent a bientot et merci encore... HERISSON
  5. herisson38
    Salut !! je suis victime de winfixer comment se debarrasse de ces popups qui bloque tout ?? merci d'avance voici mon log : Logfile of HijackThis v1.99.1 Scan saved at 19:04:43, on 09/12/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\atievxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\helper.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\Documents and Settings\Mes documents\HijackThis.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\System32\byxxx.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: byxxx - C:\WINDOWS\System32\byxxx.dll O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\o4ns0e57eh.dll O21 - SSODL: winmgmt - {07CB7C7A-90D4-A868-EED7-E7E77B138A44} - C:\WINDOWS\help\clipbrd.hlp O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: MS Ins Config (MSiCFG) - Unknown owner - C:\WINDOWS\msiconfig.exe (file missing) O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
×
×
  • Créer...