Elite toolbar-hijackthis

Recherche :

Mot : Pseudo : Filtrer
Page : 1 2 3 4 Page Suivante Page Précédente Bas de page
Auteur	Sujet : Elite toolbar-hijackthis

phosphorus68

Pseudo à n°

Reprise du message précédent :
(hypothèse)
s'il est en mémoire, il peut agir sur ce que va afficher l'Explorateur en affichant un dossier.

Publicité

thony78

J'ai eu searchmiracle y a qq jours, vraiment une belle merde ce truc. En virant proprement tous les temps, en faisant le ménage avec hijackthis, adaware, spysweeper, en scannant le pc avec le mwav.exe et en foutant à la trappe ce que son freeware m'indiquait avec la killbox j'ai viré cette merde de searchmiracle (un popup tous les 30sec c invivable)

A noter que malgré cette horde d'anti spyware et trojans, il me reste le Vx2, et surement qq spywares dormants dans mes fichiers puisque j'ai tjrs des popup qui s'ouvrent, et une corbeille qui m'indique tout le temps 49 éléments à supprimer.

jujumo

Bonjour a tous,

je débute en informatique donc je ne suis pas très douée et j'ai egalement un soucis avec elite toolbar.
Il est installé dans mes programme et je n'arrive pas a le supprimer dans suppression programme.
J'ai fait un hijackthis et voila se qu'il m'indique:
Logfile of HijackThis v1.98.0
Scan saved at 12:31:00, on 01/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-s [...] stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-s [...] r1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-s [...] stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-s [...] stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-s [...] stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-s [...] stmpl1&fw=
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O20 - AppInit_DLLs: sockspy.dll

Aidez moi s'il vous plait.

jujumo

J'ai fais un peu de ménage et voici mon nouveau Hijackthis

Logfile of HijackThis v1.99.0
Scan saved at 19:19:55, on 01/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [ntechin] C:\WINNT\system32\n20050308.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing
O15 - Trusted IP range: 209.8.20.130
O15 - Trusted IP range: 209.8.20.130 (HKLM)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINNT\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINNT\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINNT\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINNT\System32\tlntsvr.exe
O23 - Service: Gestionnaire d'utilitaires - Unknown - C:\WINNT\System32\UtilMan.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINNT\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINNT\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

acrobaze

Ok. Télécharge ce fichier

Mets-le sur ton bureau.
Dézippe-le sur ton bureau.
Double-clique l2mfix.bat et choisis l'option 1 (et entrée).
Laisse-le travailler qq minutes et copie/colle le log final ici.

Ps : surtout, ne clique pas encore l'option 2..ni aucun autre fichier de l2mfix!!!

Message édité par acrobaze le 08-02-2005 à 20:30:09

bibi165

moi aussi j'ai des proleme avec des spy alors si quelqu'un^pouvaif m'aider ca serait sympa.

Voici ce que j'ai avec hijackthis

Logfile of HijackThis v1.99.0
Scan saved at 20:14:27, on 24/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\p6.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.9online.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
O4 - Global Startup: DSLMON.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 5797120093
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

jujumo

Acrobaze a écrit :

Ok. Télécharge ce fichier.
Mets-le sur ton bureau.
Dézippe-le sur ton bureau.
Double-clique l2mfix.bat et choisis l'option 1 (et entrée).
Laisse-le travailler qq minutes et copie/colle le log final ici.

Ps : surtout, ne clique pas encore l'option 2..ni aucun autre fichier de l2mfix!!!

je ne connais âs grand chose en informatque!!:pt1cable: je suis débutante donc peux tu m'expliquer tout en détail.
Merci beaucoup pour ton aide.

jujumo

c'est bon j'ai fais ta manip
et voila le resultat

L2MFIX find log 1.02
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\m8po0i73e8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D916A2A0-E313-4B49-AF2D-9B9D63FAF647}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de proprits du fichier multimdia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de scurit NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des proprits de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de scurit DS"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donnes endommages de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets rseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de scurit des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interprteur de commandes pour l'environnement d'excution de scripts Windows"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions rseau"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tches planifies"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume mont"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de proprits des fichiers"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service Dplacer vers Microsoft"
"{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu Dmarrer"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de proprits des options des dossiers"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du systme pour le glisser-dplacer"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'lment de cryptage dans les menus contextuels de l'Explorateur"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du tlchargement"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intgr de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Bote d'entre de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de dmarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de rsum (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="numrateur d'applications installes"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{E0D79300-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79301-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79302-84BE-11CE-9641-444553540000}"="WinZip"
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{52c68510-09a0-11cf-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{27B8190B-F489-4542-B3BA-DD3023EAA8E9}"=""
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{6A863F26-0103-4B61-B89F-7DEB8C41CD27}"=""
"{874B3A91-9A35-4116-9592-14260252ED88}"=""
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8"
"{5BEE76FB-65B0-436D-A0B3-514B4A490A26}"=""
"{CA920A2C-F167-4B34-AEC6-3E001C955EF4}"=""
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions rseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donnes Microsoft"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tches et menu Dmarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Excuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalise MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="numrateur d'applications installes"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}"="Dossier compress"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chane"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chane"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{0E26C7EA-804C-4D93-9F7A-2256977F24D7}"=""
"{96C1190D-A5E4-4822-AA55-4AAD29E08CDF}"=""
"{4D3CD168-B513-43B7-BA32-CE498A21CBA4}"=""
"{470668F8-6864-4002-8EA6-5BCF362CB3EB}"=""
"{88250AB9-7025-414C-B367-780EB726A334}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{27B8190B-F489-4542-B3BA-DD3023EAA8E9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B8190B-F489-4542-B3BA-DD3023EAA8E9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B8190B-F489-4542-B3BA-DD3023EAA8E9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{27B8190B-F489-4542-B3BA-DD3023EAA8E9}\InprocServer32]
@="C:\\WINNT\\system32\\chmdlg32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0E26C7EA-804C-4D93-9F7A-2256977F24D7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E26C7EA-804C-4D93-9F7A-2256977F24D7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E26C7EA-804C-4D93-9F7A-2256977F24D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E26C7EA-804C-4D93-9F7A-2256977F24D7}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{96C1190D-A5E4-4822-AA55-4AAD29E08CDF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96C1190D-A5E4-4822-AA55-4AAD29E08CDF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96C1190D-A5E4-4822-AA55-4AAD29E08CDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96C1190D-A5E4-4822-AA55-4AAD29E08CDF}\InprocServer32]
@="C:\\WINNT\\system32\\mz3216.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4D3CD168-B513-43B7-BA32-CE498A21CBA4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D3CD168-B513-43B7-BA32-CE498A21CBA4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D3CD168-B513-43B7-BA32-CE498A21CBA4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D3CD168-B513-43B7-BA32-CE498A21CBA4}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{470668F8-6864-4002-8EA6-5BCF362CB3EB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{470668F8-6864-4002-8EA6-5BCF362CB3EB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{470668F8-6864-4002-8EA6-5BCF362CB3EB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{470668F8-6864-4002-8EA6-5BCF362CB3EB}\InprocServer32]
@="C:\\WINNT\\system32\\sevsvc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{88250AB9-7025-414C-B367-780EB726A334}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88250AB9-7025-414C-B367-780EB726A334}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88250AB9-7025-414C-B367-780EB726A334}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88250AB9-7025-414C-B367-780EB726A334}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
eapmon2.dll Thu 30 Dec 2004 14:45:02 ..S.R 224 261 219,00 K
lcb.dll Sun 9 Jan 2005 12:09:28 ..S.R 225 931 220,63 K
szobject.dll Sat 8 Jan 2005 14:54:46 ..S.R 225 931 220,63 K
gnu32.dll Tue 18 Jan 2005 21:22:32 ..S.R 225 685 220,39 K
ddactfrm.dll Sun 19 Dec 2004 13:59:58 ..S.R 226 040 220,74 K
nmmsmgr.dll Wed 19 Jan 2005 20:10:30 ..S.R 225 685 220,39 K
slgtab.dll Fri 31 Dec 2004 9:58:16 ..S.R 224 599 219,33 K
rjhx32.dll Sat 1 Jan 2005 18:00:22 ..S.R 223 193 217,96 K
uqnphost.dll Tue 18 Jan 2005 19:34:48 A.... 224 308 219,05 K
abmparse.dll Sun 2 Jan 2005 18:32:02 ..S.R 224 739 219,47 K
drser.dll Mon 20 Dec 2004 16:37:20 ..S.R 222 433 217,22 K
dmnlobby.dll Thu 6 Jan 2005 19:20:08 ..S.R 224 847 219,57 K
cxodm.dll Mon 24 Jan 2005 17:49:00 ..S.R 225 154 219,88 K
sai.dll Tue 25 Jan 2005 14:20:02 ..S.R 223 090 217,86 K
biubeb.dll Tue 25 Jan 2005 14:47:48 A.... 24 576 24,00 K
dosync.dll Tue 25 Jan 2005 15:48:26 A.... 114 688 112,00 K
dlactfrm.dll Fri 28 Jan 2005 19:15:56 ..S.R 223 455 218,21 K
rjnd.dll Wed 26 Jan 2005 20:05:54 ..S.R 223 455 218,21 K
afwav.dll Fri 17 Dec 2004 22:14:32 ..S.R 224 639 219,37 K
en68l1~1.dll Mon 20 Dec 2004 19:15:54 ..S.R 222 902 217,68 K
osbcbcp.dll Mon 20 Dec 2004 19:42:42 ..S.R 222 902 217,68 K
mz3216.dll Tue 4 Jan 2005 18:02:20 A.... 223 147 217,91 K
asmeter.dll Fri 28 Jan 2005 14:22:00 ..S.R 223 455 218,21 K
olzoco.dll Fri 28 Jan 2005 19:16:04 A.... 5 632 5,50 K
en66l1~1.dll Sat 8 Jan 2005 14:54:46 ..S.R 223 038 217,81 K
sevsvc.dll Fri 28 Jan 2005 20:30:50 ..... 223 455 218,21 K
ir82l5~1.dll Mon 20 Dec 2004 19:39:32 ..S.R 222 902 217,68 K
cmadmin.dll Mon 20 Dec 2004 17:01:16 ..S.R 226 040 220,74 K
khdpl.dll Mon 20 Dec 2004 17:15:10 ..S.R 222 684 217,46 K
aaifile.dll Mon 20 Dec 2004 19:55:58 ..S.R 222 902 217,68 K
dxser.dll Mon 20 Dec 2004 18:17:12 ..S.R 222 684 217,46 K
oxe32.dll Mon 20 Dec 2004 20:22:22 ..S.R 222 902 217,68 K
eis.dll Mon 20 Dec 2004 20:37:38 ..S.R 222 902 217,68 K
ocethk32.dll Tue 21 Dec 2004 17:30:42 ..S.R 224 403 219,14 K
ajmfd.dll Tue 21 Dec 2004 18:05:18 ..S.R 224 403 219,14 K
wr2_32.dll Mon 20 Dec 2004 22:28:26 ..S.R 222 902 217,68 K
psspl.dll Mon 20 Dec 2004 21:45:00 ..S.R 222 902 217,68 K
cmral.dll Mon 20 Dec 2004 22:54:52 ..S.R 222 902 217,68 K
wsvdmod.dll Tue 21 Dec 2004 16:24:42 ..S.R 224 387 219,13 K
ippeers.dll Tue 21 Dec 2004 16:36:24 ..S.R 224 403 219,14 K
aeptif.dll Wed 22 Dec 2004 18:01:40 ..S.R 224 403 219,14 K
mestkprp.dll Fri 17 Dec 2004 22:36:48 ..S.R 224 639 219,37 K
sqofr.dll Fri 17 Dec 2004 22:45:54 ..S.R 225 834 220,54 K
efpchp.dll Thu 23 Dec 2004 14:06:38 ..S.R 224 796 219,53 K
atupd.dll Mon 13 Dec 2004 21:14:20 ..S.R 223 081 217,85 K
ktdmac.dll Tue 14 Dec 2004 14:32:08 ..S.R 224 874 219,60 K
cdrtc.dll Tue 23 Nov 2004 22:01:54 A.... 49 152 48,00 K
cdral.dll Tue 23 Nov 2004 22:01:54 A.... 45 056 44,00 K
tkfflt.dll Mon 13 Dec 2004 22:08:10 ..S.R 224 874 219,60 K
sdrobj.dll Thu 23 Dec 2004 10:23:20 ..S.R 224 403 219,14 K
r66ulg~1.dll Tue 28 Dec 2004 19:10:22 ..S.R 224 436 219,18 K
wdvdmod.dll Tue 28 Dec 2004 19:10:22 ..S.R 222 470 217,25 K
ljcalui.dll Wed 29 Dec 2004 12:29:48 ..S.R 222 470 217,25 K
enlul1~1.dll Sun 2 Jan 2005 18:27:34 ..S.R 223 173 217,94 K
drdlgs.dll Thu 30 Dec 2004 13:06:32 ..S.R 222 470 217,25 K
ktlul7~1.dll Wed 5 Jan 2005 11:08:10 ..S.R 224 746 219,48 K
iespolcy.dll Mon 20 Dec 2004 20:58:38 ..S.R 222 902 217,68 K
enrul1~1.dll Mon 20 Dec 2004 20:10:56 ..S.R 222 902 217,68 K
n8p4li~1.dll Mon 13 Dec 2004 20:46:42 ..S.R 225 712 220,42 K
sirobj.dll Tue 14 Dec 2004 7:52:48 ..S.R 224 874 219,60 K
gp2ql3~1.dll Sat 11 Dec 2004 22:48:52 ..S.R 225 232 219,95 K
s4880e~1.dll Mon 13 Dec 2004 10:44:44 ..S.R 222 650 217,43 K
lvrq09~1.dll Wed 15 Dec 2004 21:39:54 ..S.R 223 027 217,80 K
nqwdev.dll Thu 23 Dec 2004 10:40:48 ..S.R 224 796 219,53 K
dlnmpntw.dll Sun 26 Dec 2004 17:07:00 ..S.R 224 796 219,53 K
xzlugin.dll Sun 26 Dec 2004 21:46:52 ..S.R 226 075 220,77 K
akifil32.dll Sun 26 Dec 2004 22:20:18 ..S.R 226 075 220,77 K
sporder.dll Sat 11 Dec 2004 14:16:20 A.... 8 464 8,27 K
bsmhn.dll Sat 11 Dec 2004 12:50:58 A.... 4 096 4,00 K
axmlib.dll Thu 16 Dec 2004 17:32:42 ..S.R 224 022 218,77 K
buowselc.dll Tue 14 Dec 2004 21:33:10 ..S.R 225 949 220,65 K
hrn805~1.dll Sat 11 Dec 2004 13:17:10 ..S.R 224 087 218,83 K
lv6409~1.dll Sat 11 Dec 2004 14:16:00 ..S.R 224 523 219,26 K
irn0l5~1.dll Sat 11 Dec 2004 14:19:52 ..S.R 225 232 219,95 K
irp4l5~1.dll Sat 11 Dec 2004 14:49:18 ..S.R 225 232 219,95 K
ir42l5~1.dll Mon 13 Dec 2004 22:06:48 ..S.R 223 081 217,85 K
mydmo.dll Tue 14 Dec 2004 15:02:56 ..S.R 225 949 220,65 K
aza80e~1.dll Tue 14 Dec 2004 21:43:44 ..S.R 225 949 220,65 K
mv20l9~1.dll Thu 16 Dec 2004 10:35:28 ..S.R 223 027 217,80 K
aza0l5~1.dll Thu 23 Dec 2004 14:10:38 ..S.R 224 796 219,53 K
mxt2fw95.dll Sun 26 Dec 2004 23:11:00 ..S.R 226 075 220,77 K
n0p4la~1.dll Thu 16 Dec 2004 13:19:04 ..S.R 223 027 217,80 K
cputil.dll Thu 16 Dec 2004 17:52:38 ..S.R 224 022 218,77 K
cemsvcs.dll Thu 16 Dec 2004 18:05:04 ..S.R 224 022 218,77 K
nrtrap.dll Thu 16 Dec 2004 20:57:06 ..S.R 224 639 219,37 K
cvmcat.dll Thu 16 Dec 2004 21:32:28 ..S.R 224 639 219,37 K
g4jole~1.dll Thu 16 Dec 2004 18:02:42 ..S.R 224 022 218,77 K
mjdemui.dll Mon 27 Dec 2004 19:47:08 ..S.R 226 290 220,98 K
vtt3216.dll Thu 16 Dec 2004 18:17:08 ..S.R 224 022 218,77 K
oifox32.dll Fri 17 Dec 2004 11:49:24 ..S.R 224 639 219,37 K
s6rslg~1.dll Thu 16 Dec 2004 18:30:30 ..S.R 224 022 218,77 K
gyjole~1.dll Fri 17 Dec 2004 22:59:50 ..S.R 222 528 217,31 K
mdfutil.dll Mon 27 Dec 2004 19:39:16 ..S.R 223 566 218,32 K
cspbk32.dll Sun 26 Dec 2004 23:27:52 ..S.R 226 075 220,77 K
o2840c~1.dll Mon 27 Dec 2004 19:47:08 ..S.R 222 449 217,23 K
chmdlg32.dll Mon 27 Dec 2004 20:27:18 ..S.R 226 290 220,98 K
mqvcp50.dll Mon 27 Dec 2004 21:34:12 ..S.R 226 290 220,98 K
sockspy.dll Mon 27 Dec 2004 20:21:42 A.... 73 728 72,00 K
lvl009~1.dll Mon 27 Dec 2004 20:10:48 ..S.R 222 227 217,02 K
q8860i~1.dll Sat 18 Dec 2004 0:07:52 ..S.R 222 528 217,31 K
ikaksie.dll Sat 18 Dec 2004 11:52:42 ..S.R 224 337 219,08 K
daspex.dll Wed 22 Dec 2004 21:43:02 A.... 224 403 219,14 K
nttdtect.dll Sun 19 Dec 2004 13:16:04 ..S.R 224 337 219,08 K
idrtprio.dll Sun 26 Dec 2004 22:10:40 ..S.R 226 075 220,77 K
sglwoa.dll Mon 27 Dec 2004 19:26:54 ..S.R 222 754 217,53 K
nbcmps.dll Sun 26 Dec 2004 23:58:50 ..S.R 222 754 217,53 K
wkdmlog.dll Mon 27 Dec 2004 0:10:56 ..S.R 222 754 217,53 K
hrn605~1.dll Tue 18 Jan 2005 20:20:28 ..S.R 224 308 219,05 K
mv24l9~1.dll Tue 25 Jan 2005 14:20:02 ..S.R 224 519 219,25 K
i4jq0e~1.dll Mon 20 Dec 2004 20:35:22 ..S.R 222 902 217,68 K
d80m0i~1.dll Mon 20 Dec 2004 22:27:00 ..S.R 222 902 217,68 K
p6n8lg~1.dll Wed 22 Dec 2004 18:20:18 ..S.R 226 259 220,95 K
jt2207~1.dll Mon 27 Dec 2004 20:24:48 ..S.R 226 290 220,98 K
p6p6lg~1.dll Thu 13 Jan 2005 20:39:48 ..S.R 225 931 220,63 K
g8lmli~1.dll Tue 21 Dec 2004 16:36:24 ..S.R 225 541 220,25 K
lv6609~1.dll Sun 26 Dec 2004 21:26:10 ..S.R 225 465 220,18 K
c000la~1.dll Thu 23 Dec 2004 10:31:20 ..S.R 224 403 219,14 K
irnml5~1.dll Thu 23 Dec 2004 12:15:56 ..S.R 224 796 219,53 K
ktpul7~1.dll Sun 26 Dec 2004 22:20:18 ..S.R 223 196 217,96 K
irlql5~1.dll Sun 26 Dec 2004 23:09:12 ..S.R 226 075 220,77 K
hrj805~1.dll Sun 26 Dec 2004 23:20:50 ..S.R 222 615 217,39 K
k6nolg~1.dll Sun 26 Dec 2004 21:43:24 ..S.R 224 796 219,53 K
mudocs.dll Mon 20 Dec 2004 18:24:02 ..S.R 226 040 220,74 K
h6l2lg~1.dll Sun 26 Dec 2004 21:54:54 ..S.R 222 826 217,60 K
sy2stat.dll Mon 27 Dec 2004 7:27:28 ..S.R 222 754 217,53 K
j0l4la~1.dll Sun 26 Dec 2004 23:14:42 ..S.R 222 923 217,70 K
dg16gt.dll Sun 26 Dec 2004 23:20:50 ..S.R 226 075 220,77 K
mv42l9~1.dll Sun 26 Dec 2004 23:24:46 ..S.R 222 832 217,61 K
ic1xgdev.dll Sun 26 Dec 2004 23:24:46 ..S.R 226 075 220,77 K
irnol5~1.dll Sun 26 Dec 2004 23:27:52 ..S.R 222 885 217,66 K
r28slc~1.dll Sun 26 Dec 2004 23:55:12 ..S.R 226 075 220,77 K
aspmgr.dll Mon 20 Dec 2004 18:30:16 ..S.R 222 684 217,46 K
o0lu0a~1.dll Mon 27 Dec 2004 0:05:08 ..S.R 223 684 218,44 K
p66s0g~1.dll Mon 27 Dec 2004 0:06:08 ..S.R 222 754 217,53 K
g2220c~1.dll Mon 27 Dec 2004 7:27:28 ..S.R 222 976 217,75 K
kt6ul7~1.dll Sat 22 Jan 2005 21:13:16 ..S.R 223 783 218,54 K
fp0m03~1.dll Sun 2 Jan 2005 18:32:02 ..S.R 224 842 219,57 K
drd9.dll Sun 23 Jan 2005 13:41:16 ..S.R 225 154 219,88 K
ir2ol5~1.dll Sun 23 Jan 2005 13:49:16 ..S.R 225 154 219,88 K
lvp409~1.dll Wed 26 Jan 2005 20:05:54 ..S.R 223 934 218,68 K
azaml5~1.dll Fri 28 Jan 2005 14:40:02 ..S.R 223 455 218,21 K
aza805~1.dll Fri 28 Jan 2005 14:22:00 ..S.R 224 586 219,32 K
m8po0i~1.dll Fri 28 Jan 2005 14:32:00 ..S.R 223 455 218,21 K
lv2209~1.dll Fri 28 Jan 2005 19:31:56 ..S.R 223 455 218,21 K
k626lg~1.dll Mon 20 Dec 2004 19:08:10 ..S.R 226 040 220,74 K
mzpi.dll Mon 20 Dec 2004 19:09:26 ..S.R 222 902 217,68 K
i042la~1.dll Fri 28 Jan 2005 19:50:36 ..S.R 223 455 218,21 K
s688lg~1.dll Fri 28 Jan 2005 20:26:16 ..S.R 225 341 220,06 K
if1xcoin.dll Fri 28 Jan 2005 20:26:16 ..S.R 223 455 218,21 K
j82qli~1.dll Fri 28 Jan 2005 20:27:16 ..S.R 223 455 218,21 K
rvpsnd.dll Mon 20 Dec 2004 19:29:32 ..S.R 222 902 217,68 K

151 items found: 151 files (139 H/S), 0 directories.
Total of file sizes: 32 383 346 bytes 30,88 M
Locate .tmp files:

C:\WINNT\SYSTEM32\
guard.tmp Fri 28 Jan 2005 20:31:50 A.... 223 455 218,21 K

1 item found: 1 file, 0 directories.
Total of file sizes: 223 455 bytes 218,21 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle VAIO
Le numro de srie du volume est 2019-17EF

Rpertoire de C:\WINNT\System32

01/28/2005 20:27 223ÿ455 j82qlif5182.dll
01/28/2005 20:26 223ÿ455 iF1xcoin.dll
01/28/2005 20:26 225ÿ341 s688lglu16q8.dll
01/28/2005 19:50 223ÿ455 i042laho1d4c.dll
01/28/2005 19:31 223ÿ455 lv2209foe.dll
01/28/2005 19:15 223ÿ455 dlactfrm.dll
01/28/2005 14:40 223ÿ455 azaml5511.dll
01/28/2005 14:32 223ÿ455 m8po0i73e8.dll
01/28/2005 14:22 223ÿ455 asmeter.dll
01/28/2005 14:22 224ÿ586 aza8051ue.dll
01/26/2005 20:05 223ÿ455 rjnd.dll
01/26/2005 20:05 223ÿ934 lvp4097qe.dll
01/25/2005 14:20 223ÿ090 sai.dll
01/25/2005 14:20 224ÿ519 mv24l9fq1.dll
01/24/2005 17:49 225ÿ154 cxodm.dll
01/23/2005 13:49 225ÿ154 ir2ol5f31.dll
01/23/2005 13:41 225ÿ154 dRd9.dll
01/22/2005 21:13 223ÿ783 kt6ul7j91.dll
01/19/2005 20:10 225ÿ685 nmmsmgr.dll
01/18/2005 21:22 225ÿ685 gnu32.dll
01/18/2005 20:20 224ÿ308 hrn6055se.dll
01/13/2005 20:39 225ÿ931 p6p6lg7s16.dll
01/09/2005 12:09 225ÿ931 lcb.dll
01/08/2005 14:54 223ÿ038 en66l1js1.dll
01/08/2005 14:54 225ÿ931 szobject.dll
01/06/2005 19:20 224ÿ847 dmnlobby.dll
01/05/2005 11:08 224ÿ746 ktlul7391.dll
01/02/2005 18:32 224ÿ842 fp0m03d1e.dll
01/02/2005 18:32 224ÿ739 abmparse.dll
01/02/2005 18:27 223ÿ173 enlul1391.dll
01/01/2005 18:00 223ÿ193 rjhx32.dll
12/31/2004 09:58 224ÿ599 slgtab.dll
12/30/2004 14:45 224ÿ261 EAPMON2.DLL
12/30/2004 13:06 222ÿ470 drdlgs.dll
12/29/2004 12:29 222ÿ470 ljcalui.dll
12/28/2004 19:10 222ÿ470 wdvdmod.dll
12/28/2004 19:10 224ÿ436 r66ulgj916o.dll
12/27/2004 21:34 226ÿ290 mqvcp50.dll
12/27/2004 20:27 226ÿ290 chmdlg32.dll
12/27/2004 20:24 226ÿ290 jt2207foe.dll
12/27/2004 20:10 222ÿ227 lvl0093me.dll
12/27/2004 19:47 226ÿ290 mjdemui.dll
12/27/2004 19:47 222ÿ449 o2840clqefqe0.dll
12/27/2004 19:39 223ÿ566 mdfutil.dll
12/27/2004 19:26 222ÿ754 sglwoa.dll
12/27/2004 07:27 222ÿ754 SY2stat.DLL
12/27/2004 07:27 222ÿ976 g2220cfoef2c0.dll
12/27/2004 00:10 222ÿ754 wkdmlog.dll
12/27/2004 00:06 222ÿ754 p66s0gj7e6o.dll
12/27/2004 00:05 223ÿ684 o0lu0a39ed.dll
12/26/2004 23:58 222ÿ754 NBCMPS.DLL
12/26/2004 23:55 226ÿ075 r28slcl71fq.dll
12/26/2004 23:27 222ÿ885 irnol5531.dll
12/26/2004 23:27 226ÿ075 cspbk32.dll
12/26/2004 23:24 222ÿ832 mv42l9ho1.dll
12/26/2004 23:24 226ÿ075 iC1xgdev.dll
12/26/2004 23:20 226ÿ075 dg16gt.dLL
12/26/2004 23:20 222ÿ615 hrj8051ue.dll
12/26/2004 23:14 222ÿ923 j0l4la3q1d.dll
12/26/2004 23:11 226ÿ075 MXT2FW95.DLL
12/26/2004 23:09 226ÿ075 irlql5351.dll
12/26/2004 22:20 223ÿ196 ktpul7791.dll
12/26/2004 22:20 226ÿ075 akifil32.dll
12/26/2004 22:10 226ÿ075 idrtprio.dll
12/26/2004 21:54 222ÿ826 h6l2lg3o16.dll
12/26/2004 21:46 226ÿ075 xzlugin.dll
12/26/2004 21:43 224ÿ796 k6nolg5316.dll
12/26/2004 21:26 225ÿ465 lv6609jse.dll
12/26/2004 17:07 224ÿ796 dlnmpntw.dll
12/23/2004 14:10 224ÿ796 aza0l55m1.dll
12/23/2004 14:06 224ÿ796 EFPCHP.DLL
12/23/2004 12:15 224ÿ796 irnml5511.dll
12/23/2004 10:40 224ÿ796 nqwdev.dll
12/23/2004 10:31 224ÿ403 c000ladm1d0a.dll
12/23/2004 10:23 224ÿ403 sdrobj.dll
12/22/2004 18:20 226ÿ259 p6n8lg5u16.dll
12/22/2004 18:01 224ÿ403 aeptif.dll
12/21/2004 18:05 224ÿ403 ajmfd.dll
12/21/2004 17:30 224ÿ403 ocethk32.dll
12/21/2004 16:36 224ÿ403 ippeers.dll
12/21/2004 16:36 225ÿ541 g8lmli3118.dll
12/21/2004 16:24 224ÿ387 wsvdmod.dll
12/20/2004 22:54 222ÿ902 cmral.dll
12/20/2004 22:28 222ÿ902 wr2_32.dll
12/20/2004 22:27 222ÿ902 d80m0id1e80.dll
12/20/2004 21:45 222ÿ902 psspl.dll
12/20/2004 20:58 222ÿ902 iEspolcy.dll
12/20/2004 20:37 222ÿ902 eis.dll
12/20/2004 20:35 222ÿ902 i4jq0e15eh.dll
12/20/2004 20:22 222ÿ902 oxe32.dll
12/20/2004 20:10 222ÿ902 enrul1991.dll
12/20/2004 19:55 222ÿ902 aaifile.dll
12/20/2004 19:42 222ÿ902 osbcbcp.dll
12/20/2004 19:39 222ÿ902 ir82l5lo1.dll
12/20/2004 19:29 222ÿ902 rvpsnd.dll
12/20/2004 19:15 222ÿ902 en68l1ju1.dll
12/20/2004 19:09 222ÿ902 MZPI.DLL
12/20/2004 19:08 226ÿ040 k626lgfs1626.dll
12/20/2004 18:30 222ÿ684 aspmgr.dll
12/20/2004 18:24 226ÿ040 mudocs.dll
12/20/2004 18:17 222ÿ684 dxser.dll
12/20/2004 17:15 222ÿ684 khdpl.dll
12/20/2004 17:01 226ÿ040 cmadmin.dll
12/20/2004 16:37 222ÿ433 drser.dll
12/19/2004 13:59 226ÿ040 ddactfrm.dll
12/19/2004 13:16 224ÿ337 nttdtect.dll
12/18/2004 11:52 224ÿ337 ikaksie.dll
12/18/2004 00:07 222ÿ528 q8860ilse8q60.dll
12/17/2004 22:59 222ÿ528 gYjole131h.dll
12/17/2004 22:45 225ÿ834 sqofr.dll
12/17/2004 22:36 224ÿ639 MESTKPRP.DLL
12/17/2004 22:14 224ÿ639 afwav.dll
12/17/2004 11:49 224ÿ639 oifox32.dll
12/16/2004 21:32 224ÿ639 cvmcat.dll
12/16/2004 20:57 224ÿ639 nrtrap.dll
12/16/2004 18:30 224ÿ022 s6rslg9716.dll
12/16/2004 18:17 224ÿ022 vtt3216.dll
12/16/2004 18:05 224ÿ022 cemsvcs.dll
12/16/2004 18:02 224ÿ022 g4jole131h.dll
12/16/2004 17:52 224ÿ022 cputil.dll
12/16/2004 17:32 224ÿ022 axmlib.dll
12/16/2004 13:19 223ÿ027 n0p4la7q1d.dll
12/16/2004 10:35 223ÿ027 mv20l9fm1.dll
12/15/2004 21:39 223ÿ027 lvrq0995e.dll
12/14/2004 21:43 225ÿ949 aza80eluehq80.dll
12/14/2004 21:33 225ÿ949 buowselc.dll
12/14/2004 15:02 225ÿ949 mydmo.dll
12/14/2004 14:32 224ÿ874 ktdmac.dll
12/14/2004 07:52 224ÿ874 sirobj.dll
12/13/2004 22:08 224ÿ874 tkfflt.dll
12/13/2004 22:06 223ÿ081 ir42l5ho1.dll
12/13/2004 21:14 223ÿ081 atupd.dll
12/13/2004 20:46 225ÿ712 n8p4li7q18.dll
12/13/2004 10:44 222ÿ650 s4880eluehq80.dll
12/11/2004 22:48 225ÿ232 gp2ql3f51.dll
12/11/2004 14:49 225ÿ232 irp4l57q1.dll
12/11/2004 14:19 225ÿ232 irn0l55m1.dll
12/11/2004 14:16 224ÿ523 lv6409jqe.dll
12/11/2004 13:17 224ÿ087 hrn8055ue.dll
04/08/2001 16:41 <REP> dllcache
09/30/1999 19:21 166ÿ672 mstext35.dll
09/28/1999 21:42 1ÿ050ÿ896 msjet35.dll
09/09/1999 22:06 252ÿ688 msexcl35.dll
09/09/1999 22:06 168ÿ720 msltus35.dll
08/25/1999 14:57 415ÿ504 msrepl35.dll
06/10/1999 09:34 24ÿ848 msjter35.dll
06/10/1999 09:34 123ÿ664 msjint35.dll
06/07/1999 18:59 250ÿ128 mspdox35.dll
04/25/1999 17:00 368ÿ912 Vbar332.dll
04/25/1999 17:00 287ÿ504 Msxbse35.dll
04/25/1999 17:00 252ÿ176 Msrd2x35.dll
150 fichier(s) 34ÿ524ÿ353 octets
1 Rp(s) 2ÿ731ÿ466ÿ752 octets libres

acrobaze

Ok. Doc maintenant :

- Ferme tes applications, il va y avoir un reboot.
- Tu double-cliques l2mfix.bat et cette fois-ci, tu choisis l'option 2 (taper 2 et entrée). Ne t'inquiète pas si le bureau ou les icônes disparaissent un instant. C'est normal.
Pareil, il y aura un fichier texte à la fin.

- Copie/colle ce fichier texte et un nouvel HijackThis, pour finir.

jujumo

Acrobaze a écrit :

voici le fichier texte:

L2Mfix 1.02

Running From:
C:\Documents and Settings\Administrateur\Bureau\l2mfix

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Setting registry permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Denying C access for really "Everyone"
- adding new ACCESS DENY entry

Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Tout le monde
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Setting up for Reboot

Starting Reboot!

C:\Documents and Settings\Administrateur\Bureau\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Administrateur\Bureau\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1612 'explorer.exe'
Killing PID 1612 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 160 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINNT\system32\EAPMON2.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\lcb.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\szobject.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\gnu32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ddactfrm.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\nmmsmgr.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\slgtab.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\rjhx32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\uqnphost.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\abmparse.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\drser.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\dmnlobby.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\cxodm.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\sai.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\dlactfrm.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\rjnd.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\afwav.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mkratelc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\en68l1ju1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\osbcbcp.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mz3216.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\asmeter.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\en66l1js1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\oyecnv32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ir82l5lo1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\cmadmin.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\khdpl.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\aaifile.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\dxser.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\oxe32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\eis.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ocethk32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ajmfd.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\wr2_32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\psspl.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\cmral.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\wsvdmod.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ippeers.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\aeptif.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\MESTKPRP.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\sqofr.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\EFPCHP.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\atupd.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ktdmac.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\tkfflt.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\sdrobj.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\r66ulgj916o.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\wdvdmod.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ljcalui.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\enlul1391.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\drdlgs.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ktlul7391.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\iEspolcy.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\enrul1991.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\n8p4li7q18.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\sirobj.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\gp2ql3f51.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\s4880eluehq80.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\lvrq0995e.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\nqwdev.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\dlnmpntw.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\xzlugin.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\akifil32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\axmlib.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\buowselc.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\hrn8055ue.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\lv6409jqe.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\irn0l55m1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\irp4l57q1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ir42l5ho1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mydmo.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\aza80eluehq80.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mv20l9fm1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\aza0l55m1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\MXT2FW95.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\n0p4la7q1d.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\cputil.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\cemsvcs.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\nrtrap.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\cvmcat.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\g4jole131h.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mjdemui.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\vtt3216.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\oifox32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\s6rslg9716.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\gYjole131h.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mdfutil.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\cspbk32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\o2840clqefqe0.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\chmdlg32.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mqvcp50.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\lvl0093me.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\q8860ilse8q60.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ikaksie.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\daspex.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\nttdtect.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\idrtprio.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\sglwoa.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\NBCMPS.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\wkdmlog.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\hrn6055se.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mv24l9fq1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\i4jq0e15eh.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\d80m0id1e80.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\p6n8lg5u16.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\jt2207foe.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\p6p6lg7s16.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\g8lmli3118.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\lv6609jse.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\c000ladm1d0a.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\irnml5511.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ktpul7791.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\irlql5351.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\hrj8051ue.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\k6nolg5316.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mudocs.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\h6l2lg3o16.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\SY2stat.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\j0l4la3q1d.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\dg16gt.dLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\mv42l9ho1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\iC1xgdev.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\irnol5531.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\r28slcl71fq.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\aspmgr.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\o0lu0a39ed.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\p66s0gj7e6o.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\g2220cfoef2c0.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\kt6ul7j91.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\fp0m03d1e.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\dRd9.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\ir2ol5f31.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\lvp4097qe.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\azaml5511.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\aza8051ue.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\aza6l1js1.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\lv2209foe.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\k626lgfs1626.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\MZPI.DLL
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\i042laho1d4c.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\s688lglu16q8.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\iF1xcoin.dll
1 fichier(s) copi(s).
Backing Up: C:\WINNT\system32\rvpsnd.dll
1 fichier(s) copi(s).
deleting: C:\WINNT\system32\EAPMON2.DLL
Successfully Deleted: C:\WINNT\system32\EAPMON2.DLL
deleting: C:\WINNT\system32\lcb.dll
Successfully Deleted: C:\WINNT\system32\lcb.dll
deleting: C:\WINNT\system32\szobject.dll
Successfully Deleted: C:\WINNT\system32\szobject.dll
deleting: C:\WINNT\system32\gnu32.dll
Successfully Deleted: C:\WINNT\system32\gnu32.dll
deleting: C:\WINNT\system32\ddactfrm.dll
Successfully Deleted: C:\WINNT\system32\ddactfrm.dll
deleting: C:\WINNT\system32\nmmsmgr.dll
Successfully Deleted: C:\WINNT\system32\nmmsmgr.dll
deleting: C:\WINNT\system32\slgtab.dll
Successfully Deleted: C:\WINNT\system32\slgtab.dll
deleting: C:\WINNT\system32\rjhx32.dll
Successfully Deleted: C:\WINNT\system32\rjhx32.dll
deleting: C:\WINNT\system32\uqnphost.dll
Successfully Deleted: C:\WINNT\system32\uqnphost.dll
deleting: C:\WINNT\system32\abmparse.dll
Successfully Deleted: C:\WINNT\system32\abmparse.dll
deleting: C:\WINNT\system32\drser.dll
Successfully Deleted: C:\WINNT\system32\drser.dll
deleting: C:\WINNT\system32\dmnlobby.dll
Successfully Deleted: C:\WINNT\system32\dmnlobby.dll
deleting: C:\WINNT\system32\cxodm.dll
Successfully Deleted: C:\WINNT\system32\cxodm.dll
deleting: C:\WINNT\system32\sai.dll
Successfully Deleted: C:\WINNT\system32\sai.dll
deleting: C:\WINNT\system32\dlactfrm.dll
Successfully Deleted: C:\WINNT\system32\dlactfrm.dll
deleting: C:\WINNT\system32\rjnd.dll
Successfully Deleted: C:\WINNT\system32\rjnd.dll
deleting: C:\WINNT\system32\afwav.dll
Successfully Deleted: C:\WINNT\system32\afwav.dll
deleting: C:\WINNT\system32\mkratelc.dll
Successfully Deleted: C:\WINNT\system32\mkratelc.dll
deleting: C:\WINNT\system32\en68l1ju1.dll
Successfully Deleted: C:\WINNT\system32\en68l1ju1.dll
deleting: C:\WINNT\system32\osbcbcp.dll
Successfully Deleted: C:\WINNT\system32\osbcbcp.dll
deleting: C:\WINNT\system32\mz3216.dll
Successfully Deleted: C:\WINNT\system32\mz3216.dll
deleting: C:\WINNT\system32\asmeter.dll
Successfully Deleted: C:\WINNT\system32\asmeter.dll
deleting: C:\WINNT\system32\en66l1js1.dll
Successfully Deleted: C:\WINNT\system32\en66l1js1.dll
deleting: C:\WINNT\system32\oyecnv32.dll
Successfully Deleted: C:\WINNT\system32\oyecnv32.dll
deleting: C:\WINNT\system32\ir82l5lo1.dll
Successfully Deleted: C:\WINNT\system32\ir82l5lo1.dll
deleting: C:\WINNT\system32\cmadmin.dll
Successfully Deleted: C:\WINNT\system32\cmadmin.dll
deleting: C:\WINNT\system32\khdpl.dll
Successfully Deleted: C:\WINNT\system32\khdpl.dll
deleting: C:\WINNT\system32\aaifile.dll
Successfully Deleted: C:\WINNT\system32\aaifile.dll
deleting: C:\WINNT\system32\dxser.dll
Successfully Deleted: C:\WINNT\system32\dxser.dll
deleting: C:\WINNT\system32\oxe32.dll
Successfully Deleted: C:\WINNT\system32\oxe32.dll
deleting: C:\WINNT\system32\eis.dll
Successfully Deleted: C:\WINNT\system32\eis.dll
deleting: C:\WINNT\system32\ocethk32.dll
Successfully Deleted: C:\WINNT\system32\ocethk32.dll
deleting: C:\WINNT\system32\ajmfd.dll
Successfully Deleted: C:\WINNT\system32\ajmfd.dll
deleting: C:\WINNT\system32\wr2_32.dll
Successfully Deleted: C:\WINNT\system32\wr2_32.dll
deleting: C:\WINNT\system32\psspl.dll
Successfully Deleted: C:\WINNT\system32\psspl.dll
deleting: C:\WINNT\system32\cmral.dll
Successfully Deleted: C:\WINNT\system32\cmral.dll
deleting: C:\WINNT\system32\wsvdmod.dll
Successfully Deleted: C:\WINNT\system32\wsvdmod.dll
deleting: C:\WINNT\system32\ippeers.dll
Successfully Deleted: C:\WINNT\system32\ippeers.dll
deleting: C:\WINNT\system32\aeptif.dll
Successfully Deleted: C:\WINNT\system32\aeptif.dll
deleting: C:\WINNT\system32\MESTKPRP.DLL
Successfully Deleted: C:\WINNT\system32\MESTKPRP.DLL
deleting: C:\WINNT\system32\sqofr.dll
Successfully Deleted: C:\WINNT\system32\sqofr.dll
deleting: C:\WINNT\system32\EFPCHP.DLL
Successfully Deleted: C:\WINNT\system32\EFPCHP.DLL
deleting: C:\WINNT\system32\atupd.dll
Successfully Deleted: C:\WINNT\system32\atupd.dll
deleting: C:\WINNT\system32\ktdmac.dll
Successfully Deleted: C:\WINNT\system32\ktdmac.dll
deleting: C:\WINNT\system32\tkfflt.dll
Successfully Deleted: C:\WINNT\system32\tkfflt.dll
deleting: C:\WINNT\system32\sdrobj.dll
Successfully Deleted: C:\WINNT\system32\sdrobj.dll
deleting: C:\WINNT\system32\r66ulgj916o.dll
Successfully Deleted: C:\WINNT\system32\r66ulgj916o.dll
deleting: C:\WINNT\system32\wdvdmod.dll
Successfully Deleted: C:\WINNT\system32\wdvdmod.dll
deleting: C:\WINNT\system32\ljcalui.dll
Successfully Deleted: C:\WINNT\system32\ljcalui.dll
deleting: C:\WINNT\system32\enlul1391.dll
Successfully Deleted: C:\WINNT\system32\enlul1391.dll
deleting: C:\WINNT\system32\drdlgs.dll
Successfully Deleted: C:\WINNT\system32\drdlgs.dll
deleting: C:\WINNT\system32\ktlul7391.dll
Successfully Deleted: C:\WINNT\system32\ktlul7391.dll
deleting: C:\WINNT\system32\iEspolcy.dll
Successfully Deleted: C:\WINNT\system32\iEspolcy.dll
deleting: C:\WINNT\system32\enrul1991.dll
Successfully Deleted: C:\WINNT\system32\enrul1991.dll
deleting: C:\WINNT\system32\n8p4li7q18.dll
Successfully Deleted: C:\WINNT\system32\n8p4li7q18.dll
deleting: C:\WINNT\system32\sirobj.dll
Successfully Deleted: C:\WINNT\system32\sirobj.dll
deleting: C:\WINNT\system32\gp2ql3f51.dll
Successfully Deleted: C:\WINNT\system32\gp2ql3f51.dll
deleting: C:\WINNT\system32\s4880eluehq80.dll
Successfully Deleted: C:\WINNT\system32\s4880eluehq80.dll
deleting: C:\WINNT\system32\lvrq0995e.dll
Successfully Deleted: C:\WINNT\system32\lvrq0995e.dll
deleting: C:\WINNT\system32\nqwdev.dll
Successfully Deleted: C:\WINNT\system32\nqwdev.dll
deleting: C:\WINNT\system32\dlnmpntw.dll
Successfully Deleted: C:\WINNT\system32\dlnmpntw.dll
deleting: C:\WINNT\system32\xzlugin.dll
Successfully Deleted: C:\WINNT\system32\xzlugin.dll
deleting: C:\WINNT\system32\akifil32.dll
Successfully Deleted: C:\WINNT\system32\akifil32.dll
deleting: C:\WINNT\system32\axmlib.dll
Successfully Deleted: C:\WINNT\system32\axmlib.dll
deleting: C:\WINNT\system32\buowselc.dll
Successfully Deleted: C:\WINNT\system32\buowselc.dll
deleting: C:\WINNT\system32\hrn8055ue.dll
Successfully Deleted: C:\WINNT\system32\hrn8055ue.dll
deleting: C:\WINNT\system32\lv6409jqe.dll
Successfully Deleted: C:\WINNT\system32\lv6409jqe.dll
deleting: C:\WINNT\system32\irn0l55m1.dll
Successfully Deleted: C:\WINNT\system32\irn0l55m1.dll
deleting: C:\WINNT\system32\irp4l57q1.dll
Successfully Deleted: C:\WINNT\system32\irp4l57q1.dll
deleting: C:\WINNT\system32\ir42l5ho1.dll
Successfully Deleted: C:\WINNT\system32\ir42l5ho1.dll
deleting: C:\WINNT\system32\mydmo.dll
Successfully Deleted: C:\WINNT\system32\mydmo.dll
deleting: C:\WINNT\system32\aza80eluehq80.dll
Successfully Deleted: C:\WINNT\system32\aza80eluehq80.dll
deleting: C:\WINNT\system32\mv20l9fm1.dll
Successfully Deleted: C:\WINNT\system32\mv20l9fm1.dll
deleting: C:\WINNT\system32\aza0l55m1.dll
Successfully Deleted: C:\WINNT\system32\aza0l55m1.dll
deleting: C:\WINNT\system32\MXT2FW95.DLL
Successfully Deleted: C:\WINNT\system32\MXT2FW95.DLL
deleting: C:\WINNT\system32\n0p4la7q1d.dll
Successfully Deleted: C:\WINNT\system32\n0p4la7q1d.dll
deleting: C:\WINNT\system32\cputil.dll
Successfully Deleted: C:\WINNT\system32\cputil.dll
deleting: C:\WINNT\system32\cemsvcs.dll
Successfully Deleted: C:\WINNT\system32\cemsvcs.dll
deleting: C:\WINNT\system32\nrtrap.dll
Successfully Deleted: C:\WINNT\system32\nrtrap.dll
deleting: C:\WINNT\system32\cvmcat.dll
Successfully Deleted: C:\WINNT\system32\cvmcat.dll
deleting: C:\WINNT\system32\g4jole131h.dll
Successfully Deleted: C:\WINNT\system32\g4jole131h.dll
deleting: C:\WINNT\system32\mjdemui.dll
Successfully Deleted: C:\WINNT\system32\mjdemui.dll
deleting: C:\WINNT\system32\vtt3216.dll
Successfully Deleted: C:\WINNT\system32\vtt3216.dll
deleting: C:\WINNT\system32\oifox32.dll
Successfully Deleted: C:\WINNT\system32\oifox32.dll
deleting: C:\WINNT\system32\s6rslg9716.dll
Successfully Deleted: C:\WINNT\system32\s6rslg9716.dll
deleting: C:\WINNT\system32\gYjole131h.dll
Successfully Deleted: C:\WINNT\system32\gYjole131h.dll
deleting: C:\WINNT\system32\mdfutil.dll
Successfully Deleted: C:\WINNT\system32\mdfutil.dll
deleting: C:\WINNT\system32\cspbk32.dll
Successfully Deleted: C:\WINNT\system32\cspbk32.dll
deleting: C:\WINNT\system32\o2840clqefqe0.dll
Successfully Deleted: C:\WINNT\system32\o2840clqefqe0.dll
deleting: C:\WINNT\system32\chmdlg32.dll
Successfully Deleted: C:\WINNT\system32\chmdlg32.dll
deleting: C:\WINNT\system32\mqvcp50.dll
Successfully Deleted: C:\WINNT\system32\mqvcp50.dll
deleting: C:\WINNT\system32\lvl0093me.dll
Successfully Deleted: C:\WINNT\system32\lvl0093me.dll
deleting: C:\WINNT\system32\q8860ilse8q60.dll
Successfully Deleted: C:\WINNT\system32\q8860ilse8q60.dll
deleting: C:\WINNT\system32\ikaksie.dll
Successfully Deleted: C:\WINNT\system32\ikaksie.dll
deleting: C:\WINNT\system32\daspex.dll
Successfully Deleted: C:\WINNT\system32\daspex.dll
deleting: C:\WINNT\system32\nttdtect.dll
Successfully Deleted: C:\WINNT\system32\nttdtect.dll
deleting: C:\WINNT\system32\idrtprio.dll
Successfully Deleted: C:\WINNT\system32\idrtprio.dll
deleting: C:\WINNT\system32\sglwoa.dll
Successfully Deleted: C:\WINNT\system32\sglwoa.dll
deleting: C:\WINNT\system32\NBCMPS.DLL
Successfully Deleted: C:\WINNT\system32\NBCMPS.DLL
deleting: C:\WINNT\system32\wkdmlog.dll
Successfully Deleted: C:\WINNT\system32\wkdmlog.dll
deleting: C:\WINNT\system32\hrn6055se.dll
Successfully Deleted: C:\WINNT\system32\hrn6055se.dll
deleting: C:\WINNT\system32\mv24l9fq1.dll
Successfully Deleted: C:\WINNT\system32\mv24l9fq1.dll
deleting: C:\WINNT\system32\i4jq0e15eh.dll
Successfully Deleted: C:\WINNT\system32\i4jq0e15eh.dll
deleting: C:\WINNT\system32\d80m0id1e80.dll
Successfully Deleted: C:\WINNT\system32\d80m0id1e80.dll
deleting: C:\WINNT\system32\p6n8lg5u16.dll
Successfully Deleted: C:\WINNT\system32\p6n8lg5u16.dll
deleting: C:\WINNT\system32\jt2207foe.dll
Successfully Deleted: C:\WINNT\system32\jt2207foe.dll
deleting: C:\WINNT\system32\p6p6lg7s16.dll
Successfully Deleted: C:\WINNT\system32\p6p6lg7s16.dll
deleting: C:\WINNT\system32\g8lmli3118.dll
Successfully Deleted: C:\WINNT\system32\g8lmli3118.dll
deleting: C:\WINNT\system32\lv6609jse.dll
Successfully Deleted: C:\WINNT\system32\lv6609jse.dll
deleting: C:\WINNT\system32\c000ladm1d0a.dll
Successfully Deleted: C:\WINNT\system32\c000ladm1d0a.dll
deleting: C:\WINNT\system32\irnml5511.dll
Successfully Deleted: C:\WINNT\system32\irnml5511.dll
deleting: C:\WINNT\system32\ktpul7791.dll
Successfully Deleted: C:\WINNT\system32\ktpul7791.dll
deleting: C:\WINNT\system32\irlql5351.dll
Successfully Deleted: C:\WINNT\system32\irlql5351.dll
deleting: C:\WINNT\system32\hrj8051ue.dll
Successfully Deleted: C:\WINNT\system32\hrj8051ue.dll
deleting: C:\WINNT\system32\k6nolg5316.dll
Successfully Deleted: C:\WINNT\system32\k6nolg5316.dll
deleting: C:\WINNT\system32\mudocs.dll
Successfully Deleted: C:\WINNT\system32\mudocs.dll
deleting: C:\WINNT\system32\h6l2lg3o16.dll
Successfully Deleted: C:\WINNT\system32\h6l2lg3o16.dll
deleting: C:\WINNT\system32\SY2stat.DLL
Successfully Deleted: C:\WINNT\system32\SY2stat.DLL
deleting: C:\WINNT\system32\j0l4la3q1d.dll
Successfully Deleted: C:\WINNT\system32\j0l4la3q1d.dll
deleting: C:\WINNT\system32\dg16gt.dLL
Successfully Deleted: C:\WINNT\system32\dg16gt.dLL
deleting: C:\WINNT\system32\mv42l9ho1.dll
Successfully Deleted: C:\WINNT\system32\mv42l9ho1.dll
deleting: C:\WINNT\system32\iC1xgdev.dll
Successfully Deleted: C:\WINNT\system32\iC1xgdev.dll
deleting: C:\WINNT\system32\irnol5531.dll
Successfully Deleted: C:\WINNT\system32\irnol5531.dll
deleting: C:\WINNT\system32\r28slcl71fq.dll
Successfully Deleted: C:\WINNT\system32\r28slcl71fq.dll
deleting: C:\WINNT\system32\aspmgr.dll
Successfully Deleted: C:\WINNT\system32\aspmgr.dll
deleting: C:\WINNT\system32\o0lu0a39ed.dll
Successfully Deleted: C:\WINNT\system32\o0lu0a39ed.dll
deleting: C:\WINNT\system32\p66s0gj7e6o.dll
Successfully Deleted: C:\WINNT\system32\p66s0gj7e6o.dll
deleting: C:\WINNT\system32\g2220cfoef2c0.dll
Successfully Deleted: C:\WINNT\system32\g2220cfoef2c0.dll
deleting: C:\WINNT\system32\kt6ul7j91.dll
Successfully Deleted: C:\WINNT\system32\kt6ul7j91.dll
deleting: C:\WINNT\system32\fp0m03d1e.dll
Successfully Deleted: C:\WINNT\system32\fp0m03d1e.dll
deleting: C:\WINNT\system32\dRd9.dll
Successfully Deleted: C:\WINNT\system32\dRd9.dll
deleting: C:\WINNT\system32\ir2ol5f31.dll
Successfully Deleted: C:\WINNT\system32\ir2ol5f31.dll
deleting: C:\WINNT\system32\lvp4097qe.dll
Successfully Deleted: C:\WINNT\system32\lvp4097qe.dll
deleting: C:\WINNT\system32\azaml5511.dll
Successfully Deleted: C:\WINNT\system32\azaml5511.dll
deleting: C:\WINNT\system32\aza8051ue.dll
Successfully Deleted: C:\WINNT\system32\aza8051ue.dll
deleting: C:\WINNT\system32\aza6l1js1.dll
Successfully Deleted: C:\WINNT\system32\aza6l1js1.dll
deleting: C:\WINNT\system32\lv2209foe.dll
Successfully Deleted: C:\WINNT\system32\lv2209foe.dll
deleting: C:\WINNT\system32\k626lgfs1626.dll
Successfully Deleted: C:\WINNT\system32\k626lgfs1626.dll
deleting: C:\WINNT\system32\MZPI.DLL
Successfully Deleted: C:\WINNT\system32\MZPI.DLL
deleting: C:\WINNT\system32\i042laho1d4c.dll
Successfully Deleted: C:\WINNT\system32\i042laho1d4c.dll
deleting: C:\WINNT\system32\s688lglu16q8.dll
Successfully Deleted: C:\WINNT\system32\s688lglu16q8.dll
deleting: C:\WINNT\system32\iF1xcoin.dll
Successfully Deleted: C:\WINNT\system32\iF1xcoin.dll
deleting: C:\WINNT\system32\rvpsnd.dll
Successfully Deleted: C:\WINNT\system32\rvpsnd.dll

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: enrul1991.dll (deflated 4%)
adding: n8p4li7q18.dll (deflated 5%)
adding: gp2ql3f51.dll (deflated 4%)
adding: s4880eluehq80.dll (deflated 3%)
adding: lvrq0995e.dll (deflated 3%)
adding: nqwdev.dll (deflated 4%)
adding: dlnmpntw.dll (deflated 4%)
adding: xzlugin.dll (deflated 5%)
adding: akifil32.dll (deflated 5%)
adding: axmlib.dll (deflated 4%)
adding: buowselc.dll (deflated 5%)
adding: hrn8055ue.dll (deflated 4%)
adding: lv6409jqe.dll (deflated 4%)
adding: irn0l55m1.dll (deflated 4%)
adding: irp4l57q1.dll (deflated 4%)
adding: ir42l5ho1.dll (deflated 3%)
adding: mydmo.dll (deflated 5%)
adding: aza80eluehq80.dll (deflated 5%)
adding: mv20l9fm1.dll (deflated 3%)
adding: EAPMON2.DLL (deflated 4%)
adding: lcb.dll (deflated 5%)
adding: szobject.dll (deflated 5%)
adding: gnu32.dll (deflated 5%)
adding: ddactfrm.dll (deflated 5%)
adding: nmmsmgr.dll (deflated 5%)
adding: slgtab.dll (deflated 4%)
adding: rjhx32.dll (deflated 4%)
adding: uqnphost.dll (deflated 4%)
adding: abmparse.dll (deflated 4%)
adding: drser.dll (deflated 3%)
adding: dmnlobby.dll (deflated 4%)
adding: cxodm.dll (deflated 4%)
adding: sai.dll (deflated 4%)
adding: dlactfrm.dll (deflated 4%)
adding: rjnd.dll (deflated 4%)
adding: afwav.dll (deflated 4%)
adding: mkratelc.dll (deflated 4%)
adding: en68l1ju1.dll (deflated 4%)
adding: osbcbcp.dll (deflated 4%)
adding: mz3216.dll (deflated 4%)
adding: asmeter.dll (deflated 4%)
adding: en66l1js1.dll (deflated 4%)
adding: oyecnv32.dll (deflated 4%)
adding: ir82l5lo1.dll (deflated 4%)
adding: cmadmin.dll (deflated 5%)
adding: khdpl.dll (deflated 3%)
adding: aaifile.dll (deflated 4%)
adding: dxser.dll (deflated 3%)
adding: oxe32.dll (deflated 4%)
adding: eis.dll (deflated 4%)
adding: ocethk32.dll (deflated 4%)
adding: ajmfd.dll (deflated 4%)
adding: wr2_32.dll (deflated 4%)
adding: psspl.dll (deflated 4%)
adding: cmral.dll (deflated 4%)
adding: wsvdmod.dll (deflated 4%)
adding: ippeers.dll (deflated 4%)
adding: aeptif.dll (deflated 4%)
adding: MESTKPRP.DLL (deflated 4%)
adding: sqofr.dll (deflated 5%)
adding: EFPCHP.DLL (deflated 4%)
adding: atupd.dll (deflated 3%)
adding: ktdmac.dll (deflated 4%)
adding: tkfflt.dll (deflated 4%)
adding: sdrobj.dll (deflated 4%)
adding: r66ulgj916o.dll (deflated 4%)
adding: wdvdmod.dll (deflated 3%)
adding: ljcalui.dll (deflated 3%)
adding: enlul1391.dll (deflated 4%)
adding: drdlgs.dll (deflated 3%)
adding: ktlul7391.dll (deflated 4%)
adding: iEspolcy.dll (deflated 4%)
adding: sirobj.dll (deflated 4%)
adding: aza0l55m1.dll (deflated 4%)
adding: MXT2FW95.DLL (deflated 5%)
adding: n0p4la7q1d.dll (deflated 3%)
adding: cputil.dll (deflated 4%)
adding: cemsvcs.dll (deflated 4%)
adding: nrtrap.dll (deflated 4%)
adding: cvmcat.dll (deflated 4%)
adding: g4jole131h.dll (deflated 4%)
adding: mjdemui.dll (deflated 5%)
adding: vtt3216.dll (deflated 4%)
adding: oifox32.dll (deflated 4%)
adding: s6rslg9716.dll (deflated 4%)
adding: gYjole131h.dll (deflated 3%)
adding: mdfutil.dll (deflated 4%)
adding: cspbk32.dll (deflated 5%)
adding: o2840clqefqe0.dll (deflated 3%)
adding: chmdlg32.dll (deflated 5%)
adding: mqvcp50.dll (deflated 5%)
adding: lvl0093me.dll (deflated 3%)
adding: q8860ilse8q60.dll (deflated 3%)
adding: ikaksie.dll (deflated 4%)
adding: daspex.dll (deflated 4%)
adding: nttdtect.dll (deflated 4%)
adding: idrtprio.dll (deflated 5%)
adding: sglwoa.dll (deflated 3%)
adding: NBCMPS.DLL (deflated 3%)
adding: wkdmlog.dll (deflated 3%)
adding: hrn6055se.dll (deflated 4%)
adding: mv24l9fq1.dll (deflated 4%)
adding: i4jq0e15eh.dll (deflated 4%)
adding: d80m0id1e80.dll (deflated 4%)
adding: p6n8lg5u16.dll (deflated 5%)
adding: jt2207foe.dll (deflated 5%)
adding: p6p6lg7s16.dll (deflated 5%)
adding: g8lmli3118.dll (deflated 5%)
adding: lv6609jse.dll (deflated 5%)
adding: c000ladm1d0a.dll (deflated 4%)
adding: irnml5511.dll (deflated 4%)
adding: ktpul7791.dll (deflated 4%)
adding: irlql5351.dll (deflated 5%)
adding: hrj8051ue.dll (deflated 3%)
adding: k6nolg5316.dll (deflated 4%)
adding: mudocs.dll (deflated 5%)
adding: h6l2lg3o16.dll (deflated 3%)
adding: SY2stat.DLL (deflated 3%)
adding: j0l4la3q1d.dll (deflated 4%)
adding: dg16gt.dLL (deflated 5%)
adding: mv42l9ho1.dll (deflated 3%)
adding: iC1xgdev.dll (deflated 5%)
adding: irnol5531.dll (deflated 4%)
adding: r28slcl71fq.dll (deflated 5%)
adding: aspmgr.dll (deflated 3%)
adding: o0lu0a39ed.dll (deflated 4%)
adding: p66s0gj7e6o.dll (deflated 3%)
adding: g2220cfoef2c0.dll (deflated 4%)
adding: kt6ul7j91.dll (deflated 4%)
adding: fp0m03d1e.dll (deflated 4%)
adding: dRd9.dll (deflated 4%)
adding: ir2ol5f31.dll (deflated 4%)
adding: lvp4097qe.dll (deflated 4%)
adding: azaml5511.dll (deflated 4%)
adding: aza8051ue.dll (deflated 4%)
adding: aza6l1js1.dll (deflated 4%)
adding: lv2209foe.dll (deflated 4%)
adding: k626lgfs1626.dll (deflated 5%)
adding: MZPI.DLL (deflated 4%)
adding: i042laho1d4c.dll (deflated 4%)
adding: s688lglu16q8.dll (deflated 5%)
adding: iF1xcoin.dll (deflated 4%)
adding: rvpsnd.dll (deflated 4%)
adding: cecho.reg (deflated 2%)
adding: echo.reg (deflated 10%)
adding: clear.reg (deflated 64%)
adding: desktop.ini (deflated 13%)
adding: readme.txt (deflated 49%)
adding: direct.txt (stored 0%)
adding: report.txt (deflated 71%)
adding: lo2.txt (deflated 87%)
adding: test2.txt (deflated 45%)
adding: test.txt (deflated 84%)
adding: xfind.txt (deflated 79%)
adding: backregs/shell.reg (deflated 74%)
adding: backregs/27B8190B-F489-4542-B3BA-DD3023EAA8E9.reg (deflated 70%)
adding: backregs/0E26C7EA-804C-4D93-9F7A-2256977F24D7.reg (deflated 70%)
adding: backregs/96C1190D-A5E4-4822-AA55-4AAD29E08CDF.reg (deflated 70%)
adding: backregs/4D3CD168-B513-43B7-BA32-CE498A21CBA4.reg (deflated 70%)
adding: backregs/470668F8-6864-4002-8EA6-5BCF362CB3EB.reg (deflated 70%)
adding: backregs/88250AB9-7025-414C-B367-780EB726A334.reg (deflated 70%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for really "Everyone"

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

deleting local copy: EAPMON2.DLL
deleting local copy: lcb.dll
deleting local copy: szobject.dll
deleting local copy: gnu32.dll
deleting local copy: ddactfrm.dll
deleting local copy: nmmsmgr.dll
deleting local copy: slgtab.dll
deleting local copy: rjhx32.dll
deleting local copy: uqnphost.dll
deleting local copy: abmparse.dll
deleting local copy: drser.dll
deleting local copy: dmnlobby.dll
deleting local copy: cxodm.dll
deleting local copy: sai.dll
deleting local copy: dlactfrm.dll
deleting local copy: rjnd.dll
deleting local copy: afwav.dll
deleting local copy: mkratelc.dll
deleting local copy: en68l1ju1.dll
deleting local copy: osbcbcp.dll
deleting local copy: mz3216.dll
deleting local copy: asmeter.dll
deleting local copy: en66l1js1.dll
deleting local copy: oyecnv32.dll
deleting local copy: ir82l5lo1.dll
deleting local copy: cmadmin.dll
deleting local copy: khdpl.dll
deleting local copy: aaifile.dll
deleting local copy: dxser.dll
deleting local copy: oxe32.dll
deleting local copy: eis.dll
deleting local copy: ocethk32.dll
deleting local copy: ajmfd.dll
deleting local copy: wr2_32.dll
deleting local copy: psspl.dll
deleting local copy: cmral.dll
deleting local copy: wsvdmod.dll
deleting local copy: ippeers.dll
deleting local copy: aeptif.dll
deleting local copy: MESTKPRP.DLL
deleting local copy: sqofr.dll
deleting local copy: EFPCHP.DLL
deleting local copy: atupd.dll
deleting local copy: ktdmac.dll
deleting local copy: tkfflt.dll
deleting local copy: sdrobj.dll
deleting local copy: r66ulgj916o.dll
deleting local copy: wdvdmod.dll
deleting local copy: ljcalui.dll
deleting local copy: enlul1391.dll
deleting local copy: drdlgs.dll
deleting local copy: ktlul7391.dll
deleting local copy: iEspolcy.dll
deleting local copy: enrul1991.dll
deleting local copy: n8p4li7q18.dll
deleting local copy: sirobj.dll
deleting local copy: gp2ql3f51.dll
deleting local copy: s4880eluehq80.dll
deleting local copy: lvrq0995e.dll
deleting local copy: nqwdev.dll
deleting local copy: dlnmpntw.dll
deleting local copy: xzlugin.dll
deleting local copy: akifil32.dll
deleting local copy: axmlib.dll
deleting local copy: buowselc.dll
deleting local copy: hrn8055ue.dll
deleting local copy: lv6409jqe.dll
deleting local copy: irn0l55m1.dll
deleting local copy: irp4l57q1.dll
deleting local copy: ir42l5ho1.dll
deleting local copy: mydmo.dll
deleting local copy: aza80eluehq80.dll
deleting local copy: mv20l9fm1.dll
deleting local copy: aza0l55m1.dll
deleting local copy: MXT2FW95.DLL
deleting local copy: n0p4la7q1d.dll
deleting local copy: cputil.dll
deleting local copy: cemsvcs.dll
deleting local copy: nrtrap.dll
deleting local copy: cvmcat.dll
deleting local copy: g4jole131h.dll
deleting local copy: mjdemui.dll
deleting local copy: vtt3216.dll
deleting local copy: oifox32.dll
deleting local copy: s6rslg9716.dll
deleting local copy: gYjole131h.dll
deleting local copy: mdfutil.dll
deleting local copy: cspbk32.dll
deleting local copy: o2840clqefqe0.dll
deleting local copy: chmdlg32.dll
deleting local copy: mqvcp50.dll
deleting local copy: lvl0093me.dll
deleting local copy: q8860ilse8q60.dll
deleting local copy: ikaksie.dll
deleting local copy: daspex.dll
deleting local copy: nttdtect.dll
deleting local copy: idrtprio.dll
deleting local copy: sglwoa.dll
deleting local copy: NBCMPS.DLL
deleting local copy: wkdmlog.dll
deleting local copy: hrn6055se.dll
deleting local copy: mv24l9fq1.dll
deleting local copy: i4jq0e15eh.dll
deleting local copy: d80m0id1e80.dll
deleting local copy: p6n8lg5u16.dll
deleting local copy: jt2207foe.dll
deleting local copy: p6p6lg7s16.dll
deleting local copy: g8lmli3118.dll
deleting local copy: lv6609jse.dll
deleting local copy: c000ladm1d0a.dll
deleting local copy: irnml5511.dll
deleting local copy: ktpul7791.dll
deleting local copy: irlql5351.dll
deleting local copy: hrj8051ue.dll
deleting local copy: k6nolg5316.dll
deleting local copy: mudocs.dll
deleting local copy: h6l2lg3o16.dll
deleting local copy: SY2stat.DLL
deleting local copy: j0l4la3q1d.dll
deleting local copy: dg16gt.dLL
deleting local copy: mv42l9ho1.dll
deleting local copy: iC1xgdev.dll
deleting local copy: irnol5531.dll
deleting local copy: r28slcl71fq.dll
deleting local copy: aspmgr.dll
deleting local copy: o0lu0a39ed.dll
deleting local copy: p66s0gj7e6o.dll
deleting local copy: g2220cfoef2c0.dll
deleting local copy: kt6ul7j91.dll
deleting local copy: fp0m03d1e.dll
deleting local copy: dRd9.dll
deleting local copy: ir2ol5f31.dll
deleting local copy: lvp4097qe.dll
deleting local copy: azaml5511.dll
deleting local copy: aza8051ue.dll
deleting local copy: aza6l1js1.dll
deleting local copy: lv2209foe.dll
deleting local copy: k626lgfs1626.dll
deleting local copy: MZPI.DLL
deleting local copy: i042laho1d4c.dll
deleting local copy: s688lglu16q8.dll
deleting local copy: iF1xcoin.dll
deleting local copy: rvpsnd.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINNT\system32\EAPMON2.DLL
C:\WINNT\system32\lcb.dll
C:\WINNT\system32\szobject.dll
C:\WINNT\system32\gnu32.dll
C:\WINNT\system32\ddactfrm.dll
C:\WINNT\system32\nmmsmgr.dll
C:\WINNT\system32\slgtab.dll
C:\WINNT\system32\rjhx32.dll
C:\WINNT\system32\uqnphost.dll
C:\WINNT\system32\abmparse.dll
C:\WINNT\system32\drser.dll
C:\WINNT\system32\dmnlobby.dll
C:\WINNT\system32\cxodm.dll
C:\WINNT\system32\sai.dll
C:\WINNT\system32\dlactfrm.dll
C:\WINNT\system32\rjnd.dll
C:\WINNT\system32\afwav.dll
C:\WINNT\system32\mkratelc.dll
C:\WINNT\system32\en68l1ju1.dll
C:\WINNT\system32\osbcbcp.dll
C:\WINNT\system32\mz3216.dll
C:\WINNT\system32\asmeter.dll
C:\WINNT\system32\en66l1js1.dll
C:\WINNT\system32\oyecnv32.dll
C:\WINNT\system32\ir82l5lo1.dll
C:\WINNT\system32\cmadmin.dll
C:\WINNT\system32\khdpl.dll
C:\WINNT\system32\aaifile.dll
C:\WINNT\system32\dxser.dll
C:\WINNT\system32\oxe32.dll
C:\WINNT\system32\eis.dll
C:\WINNT\system32\ocethk32.dll
C:\WINNT\system32\ajmfd.dll
C:\WINNT\system32\wr2_32.dll
C:\WINNT\system32\psspl.dll
C:\WINNT\system32\cmral.dll
C:\WINNT\system32\wsvdmod.dll
C:\WINNT\system32\ippeers.dll
C:\WINNT\system32\aeptif.dll
C:\WINNT\system32\MESTKPRP.DLL
C:\WINNT\system32\sqofr.dll
C:\WINNT\system32\EFPCHP.DLL
C:\WINNT\system32\atupd.dll
C:\WINNT\system32\ktdmac.dll
C:\WINNT\system32\tkfflt.dll
C:\WINNT\system32\sdrobj.dll
C:\WINNT\system32\r66ulgj916o.dll
C:\WINNT\system32\wdvdmod.dll
C:\WINNT\system32\ljcalui.dll
C:\WINNT\system32\enlul1391.dll
C:\WINNT\system32\drdlgs.dll
C:\WINNT\system32\ktlul7391.dll
C:\WINNT\system32\iEspolcy.dll
C:\WINNT\system32\enrul1991.dll
C:\WINNT\system32\n8p4li7q18.dll
C:\WINNT\system32\sirobj.dll
C:\WINNT\system32\gp2ql3f51.dll
C:\WINNT\system32\s4880eluehq80.dll
C:\WINNT\system32\lvrq0995e.dll
C:\WINNT\system32\nqwdev.dll
C:\WINNT\system32\dlnmpntw.dll
C:\WINNT\system32\xzlugin.dll
C:\WINNT\system32\akifil32.dll
C:\WINNT\system32\axmlib.dll
C:\WINNT\system32\buowselc.dll
C:\WINNT\system32\hrn8055ue.dll
C:\WINNT\system32\lv6409jqe.dll
C:\WINNT\system32\irn0l55m1.dll
C:\WINNT\system32\irp4l57q1.dll
C:\WINNT\system32\ir42l5ho1.dll
C:\WINNT\system32\mydmo.dll
C:\WINNT\system32\aza80eluehq80.dll
C:\WINNT\system32\mv20l9fm1.dll
C:\WINNT\system32\aza0l55m1.dll
C:\WINNT\system32\MXT2FW95.DLL
C:\WINNT\system32\n0p4la7q1d.dll
C:\WINNT\system32\cputil.dll
C:\WINNT\system32\cemsvcs.dll
C:\WINNT\system32\nrtrap.dll
C:\WINNT\system32\cvmcat.dll
C:\WINNT\system32\g4jole131h.dll
C:\WINNT\system32\mjdemui.dll
C:\WINNT\system32\vtt3216.dll
C:\WINNT\system32\oifox32.dll
C:\WINNT\system32\s6rslg9716.dll
C:\WINNT\system32\gYjole131h.dll
C:\WINNT\system32\mdfutil.dll
C:\WINNT\system32\cspbk32.dll
C:\WINNT\system32\o2840clqefqe0.dll
C:\WINNT\system32\chmdlg32.dll
C:\WINNT\system32\mqvcp50.dll
C:\WINNT\system32\lvl0093me.dll
C:\WINNT\system32\q8860ilse8q60.dll
C:\WINNT\system32\ikaksie.dll
C:\WINNT\system32\daspex.dll
C:\WINNT\system32\nttdtect.dll
C:\WINNT\system32\idrtprio.dll
C:\WINNT\system32\sglwoa.dll
C:\WINNT\system32\NBCMPS.DLL
C:\WINNT\system32\wkdmlog.dll
C:\WINNT\system32\hrn6055se.dll
C:\WINNT\system32\mv24l9fq1.dll
C:\WINNT\system32\i4jq0e15eh.dll
C:\WINNT\system32\d80m0id1e80.dll
C:\WINNT\system32\p6n8lg5u16.dll
C:\WINNT\system32\jt2207foe.dll
C:\WINNT\system32\p6p6lg7s16.dll
C:\WINNT\system32\g8lmli3118.dll
C:\WINNT\system32\lv6609jse.dll
C:\WINNT\system32\c000ladm1d0a.dll
C:\WINNT\system32\irnml5511.dll
C:\WINNT\system32\ktpul7791.dll
C:\WINNT\system32\irlql5351.dll
C:\WINNT\system32\hrj8051ue.dll
C:\WINNT\system32\k6nolg5316.dll
C:\WINNT\system32\mudocs.dll
C:\WINNT\system32\h6l2lg3o16.dll
C:\WINNT\system32\SY2stat.DLL
C:\WINNT\system32\j0l4la3q1d.dll
C:\WINNT\system32\dg16gt.dLL
C:\WINNT\system32\mv42l9ho1.dll
C:\WINNT\system32\iC1xgdev.dll
C:\WINNT\system32\irnol5531.dll
C:\WINNT\system32\r28slcl71fq.dll
C:\WINNT\system32\aspmgr.dll
C:\WINNT\system32\o0lu0a39ed.dll
C:\WINNT\system32\p66s0gj7e6o.dll
C:\WINNT\system32\g2220cfoef2c0.dll
C:\WINNT\system32\kt6ul7j91.dll
C:\WINNT\system32\fp0m03d1e.dll
C:\WINNT\system32\dRd9.dll
C:\WINNT\system32\ir2ol5f31.dll
C:\WINNT\system32\lvp4097qe.dll
C:\WINNT\system32\azaml5511.dll
C:\WINNT\system32\aza8051ue.dll
C:\WINNT\system32\aza6l1js1.dll
C:\WINNT\system32\lv2209foe.dll
C:\WINNT\system32\k626lgfs1626.dll
C:\WINNT\system32\MZPI.DLL
C:\WINNT\system32\i042laho1d4c.dll
C:\WINNT\system32\s688lglu16q8.dll
C:\WINNT\system32\iF1xcoin.dll
C:\WINNT\system32\rvpsnd.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{27B8190B-F489-4542-B3BA-DD3023EAA8E9}"=-
"{6A863F26-0103-4B61-B89F-7DEB8C41CD27}"=-
"{874B3A91-9A35-4116-9592-14260252ED88}"=-
"{5BEE76FB-65B0-436D-A0B3-514B4A490A26}"=-
"{CA920A2C-F167-4B34-AEC6-3E001C955EF4}"=-
"{0E26C7EA-804C-4D93-9F7A-2256977F24D7}"=-
"{96C1190D-A5E4-4822-AA55-4AAD29E08CDF}"=-
"{4D3CD168-B513-43B7-BA32-CE498A21CBA4}"=-
"{470668F8-6864-4002-8EA6-5BCF362CB3EB}"=-
"{88250AB9-7025-414C-B367-780EB726A334}"=-
[-HKEY_CLASSES_ROOT\CLSID\{27B8190B-F489-4542-B3BA-DD3023EAA8E9}]
[-HKEY_CLASSES_ROOT\CLSID\{6A863F26-0103-4B61-B89F-7DEB8C41CD27}]
[-HKEY_CLASSES_ROOT\CLSID\{874B3A91-9A35-4116-9592-14260252ED88}]
[-HKEY_CLASSES_ROOT\CLSID\{5BEE76FB-65B0-436D-A0B3-514B4A490A26}]
[-HKEY_CLASSES_ROOT\CLSID\{CA920A2C-F167-4B34-AEC6-3E001C955EF4}]
[-HKEY_CLASSES_ROOT\CLSID\{0E26C7EA-804C-4D93-9F7A-2256977F24D7}]
[-HKEY_CLASSES_ROOT\CLSID\{96C1190D-A5E4-4822-AA55-4AAD29E08CDF}]
[-HKEY_CLASSES_ROOT\CLSID\{4D3CD168-B513-43B7-BA32-CE498A21CBA4}]
[-HKEY_CLASSES_ROOT\CLSID\{470668F8-6864-4002-8EA6-5BCF362CB3EB}]
[-HKEY_CLASSES_ROOT\CLSID\{88250AB9-7025-414C-B367-780EB726A334}]
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D916A2A0-E313-4B49-AF2D-9B9D63FAF647}"=-
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{D916A2A0-E313-4B49-AF2D-9B9D63FAF647}</IDone>
<IDtwo>AD</IDtwo>
<VERSION>200</VERSION>
****************************************************************************
Classid's found from regsearch:
****************************************************************************

Publicité

jujumo

Acrobaze a écrit :

voici le nouvel hijackthis:

Logfile of HijackThis v1.99.0
Scan saved at 14:49:04, on 01/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINNT\System32\wsxsvc\wsxsvc.exe
C:\WINNT\System32\vmss\vmss.exe
C:\WINNT\System32\rvorwr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

O1 - Hosts: ---------- C:\WINNT\SYSTEM32\DRIVERS\ETC\HOSTS
O4 - HKLM\..\Run: [ntechin] C:\WINNT\system32\n20050308.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINNT\System32\vmss\vmss.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINNT\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINNT\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINNT\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINNT\System32\tlntsvr.exe
O23 - Service: Gestionnaire d'utilitaires - Unknown - C:\WINNT\System32\UtilMan.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINNT\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINNT\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

acrobaze

Kazaa est installé sur cet ordi, non?

jujumo

en fait j'avais installé kazaa mais je l'ai supprimé quand j'ai commencé a avoir des virus mais peut être qu'il reste quelques des programmes de kazaa. Par contre j'ai emule. Est ce que ca peut venir de la?

acrobaze

C'est parce qu'il y a des fichiers de Delfin, qui est souvent en rapport avec Kazaa.

Si tu veux les supprimer :

Vois si Delfin est ds la liste ajout/suppression de programmes. Sinon:
1) coche et fixe:
O4 - HKLM\..\Run: [ntechin] C:\WINNT\system32\n20050308.exe <- celui-ci à supprimer de tts façons.
O4 - HKLM\..\Run: [Dvx] C:\WINNT\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINNT\System32\vmss\vmss.exe
2) Supprime les fichiers en mode ss échec.

Celui-ci est plus embêtant car pas de lancement de la bdr:
C:\WINNT\System32\rvorwr.exe

jujumo

Acrobaze a écrit :

Merci pour tous tes conseils
J'ai coché et fixé ce que tu m'as dit.
Par contre je ne trouve pas les fichiers que tu me dis d'effacer. Ils ne sont pas dans system32 je ne comprend pas? :??:

jujumo

voici mon nouvel hijackthis

Logfile of HijackThis v1.99.0
Scan saved at 23:49:20, on 01/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O23 - Service: BitDefender Scan Server - Unknown - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINNT\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINNT\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINNT\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINNT\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINNT\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINNT\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINNT\System32\tlntsvr.exe
O23 - Service: Gestionnaire d'utilitaires - Unknown - C:\WINNT\System32\UtilMan.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINNT\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINNT\System32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

qu'en penses tu?

acrobaze

Ok. Une dernière chose :

Télécharge LspFix sur:
CE SITE

-Lance-le
-Coche "I know what I'm doing"
-Sans rien faire d'autre, clique "Finish".

Tu me diras si dans le panneau de droite, il y avait : aklsp.dll

jujumo

Acrobaze a écrit :

il n'y a rien a droite
mais a gauche il y a :
nwprovau.dll
mswsock.dll
winrnr.dll
rsvpsp.dll

acrobaze

Ok, alors lance HJT, et vérifie simplement si cette ligne est toujours présente :
(il faut un redémarrage, après LspFix)

O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\aklsp.dll' missing

jujumo

Acrobaze a écrit :

Non la ligne n'est plus présente!!!
Merci beaucoup pour ton aide!!!

acrobaze

Ok! Ca doit être clean!

JLMONT

BJR A TOUT LE MONDE
JE CROIS UE J'ai récolté elite tool bar ainsi que surchmiracle et pleins d'écran de pub je connais pas grand chose si ce n'est ce que j'ai lu ici j'ai chargé hijackthis et voici le résultatLogfile of HijackThis v1.99.0
Scan saved at 20:50:52, on 03/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\swwhost.exe
C:\WINDOWS\System32\SVPHOST.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\msvc32.exe
c:\windows\system32\drivers\etc\svwhost32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\mcafeshield.exe
C:\Documents and Settings\Jean-Loup montagne\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\Run: [Windows TM] SVPHOST.exe
O4 - HKLM\..\Run: [Spool] C:\WINDOWS\system32\msvc32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvjzt32.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunServices: [Windows TM] SVPHOST.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunOnce: [Windows TM] SVPHOST.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [Windows TM] SVPHOST.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\RunOnce: [Windows TM] SVPHOST.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Unknown - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows 32-bit PnP Driver - Unknown - C:\WINDOWS\System32\winpnp32.exe (file missing)
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

merci a tout le monde de votre réponse urgente

JLMONT

re bonsoir je repasse un autre log car le 1er n'était pas complet
merci a tout le monde de me répondre au plus vite

Logfile of HijackThis v1.99.0
Scan saved at 18:17:27, on 04/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\swwhost.exe
C:\WINDOWS\System32\SVPHOST.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\mcafeshield.exe
C:\WINDOWS\system32\msvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\drivers\etc\svwhost32.exe
C:\Documents and Settings\Jean-Loup montagne\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\Run: [Windows TM] SVPHOST.exe
O4 - HKLM\..\Run: [Spool] C:\WINDOWS\system32\msvc32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvjzt32.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunServices: [Windows TM] SVPHOST.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunOnce: [Windows TM] SVPHOST.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [Windows TM] SVPHOST.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\RunOnce: [Windows TM] SVPHOST.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Unknown - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows 32-bit PnP Driver - Unknown - C:\WINDOWS\System32\winpnp32.exe (file missing)
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

acrobaze

Impressionnant...le prochain log sera maigre..

-------

Télécharge CoolWebSchredder (Alone) sur:
http://www.intermute.com/spysubtra [...] nload.html
Updater et laisser en attente sur ton bureau.

Munis-toi de la dernière version d'AdAware SE sur:
http://lavasoft.element5.com/french/support/download/
Télécharge aussi le "Language pack" pour le franciser.
télécharger->installer, mettre à jour.

--------

Redémarre en mode sans échec.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll

O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\Run: [Windows TM] SVPHOST.exe
O4 - HKLM\..\Run: [Spool] C:\WINDOWS\system32\msvc32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvjzt32.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunServices: [Windows TM] SVPHOST.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKLM\..\RunOnce: [Windows TM] SVPHOST.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [Windows TM] SVPHOST.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\RunOnce: [Windows TM] SVPHOST.exe

O23 - Service: Service Norton AntiVirus Auto-Protect - Unknown - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing
O23 - Service: Windows 32-bit PnP Driver - Unknown - C:\WINDOWS\System32\winpnp32.exe (file missing)

Lance HijackThis. Coche ces lignes et clique "Fix checked".

----------

Assure-toi que tu as accès aux fichiers cachés.
(explorateur windows->outils->options des dossiers->affichage
""Afficher les fichiers cachés"->coché
"Masquer les extensions.."->décoché)

Et supprime les fichiers surlignés.

Vide la corbeille.

Toujours en sans échec:
-Lance CoolWebSchredder (Fix->next
-Lance une analyse complète Ad-Aware SE. Sélectionne et supprime tout ce qu'il trouvera.

Redémarre en mode normal et poste un nouveau log.

Message édité par acrobaze le 04-02-2005 à 20:48:10

JLMONT

BJR ET MERCI DE VOTRE REPONSE
J'AI FAIT LES OPERATIONS QUE VOUS AVEZ DEMANDEES MAIS SUIS PAS SUR DE TOUT JE REPOSTE UN LOG
ENCORE UN GRAND MERCI DE VOTRE NOUVELLE REPONSE
Logfile of HijackThis v1.99.0
Scan saved at 10:06:48, on 05/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\gah95on6.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Jean-Loup montagne\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

JLMONT

j'ai un autre pb car il y a plusieurs sessions sur le pc et sur chaque session le meme probleme revient donc sur cette session voici le log
ca devient dur dur merci de votre aide

Logfile of HijackThis v1.99.0
Scan saved at 12:00:28, on 05/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Micro Application\MediaDICO\MediaDICO.EXE
C:\Program Files\Micro Application\MediaDICO\Rac.EXE
C:\Documents and Settings\Carole montagne\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvutj32.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\LanceMediaDICO.exe Lancement
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe
O4 - HKCU\..\Run: [Windows TM] SVPHOST.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] explore.exe
O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - Startup: La Solution Ciel 2000.lnk = C:\CIEL\STARTER.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

JLMONT

JE REVIENS ENCORE CAR SUR MA SESSION TOUT A REAPARU QUE FAIRE SURPRIMER TOUT SUR CHAQUE SESSION OU Y A T IL AUTRE CHOSE A FAIRE VOICI MON LOG

Logfile of HijackThis v1.99.0
Scan saved at 12:23:52, on 05/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jean-Loup montagne\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvutj32.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

acrobaze

On ne peut pas BIEN travailler sur 3 logs à la fois ds le mm topic.

Sur le premier :

Coche et fixe ceci :

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe

Puis en sans échec, supprime :
C:\Program Files\Windows AdStatus <- le dossier
C:\WINDOWS\System32\gah95on6.exe <- le fichier

Redémarre et poste un nouveau log. Si celui-ci est clean, on passera à la seconde session. Ok?

JLMONT

MERCI DE VOTRE REPONSE MAIS LE LOG ACTUEL DE LA 1ERE SESSION EST CELUI CI :
je pense que tout est revenu à l'origine puisque j'ai de nouveau la toolbar affichee le voici donc :

Logfile of HijackThis v1.99.0
Scan saved at 18:40:02, on 05/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jean-Loup montagne\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvutj32.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

Merci encore et desole de vous embeter

acrobaze

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvutj32.exe
O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe

Coche et fixe ceci.

Supprime:
C:\WINDOWS\EliteToolBar <-dossier
C:\Program Files\Windows AdStatus<-dossier
C:\WINDOWS\System32\gah95on6.exe
mcafeshield.exe
C:\Program Files\DeskAd Service\<-dossier
C:\windows\system32\kalvutj32.exe

et vérifie qu'ils n'apparaissent pas ss une autre session -> sinon fixe et supprime pareil.

JLMONT

j'ai suivi tes instructions mais je n'ai pas encore verifie sur les autres sessions en attendant voici le log . Je vérifie les autres sessions et je te tiens informé du résultat et merci :

Logfile of HijackThis v1.99.0
Scan saved at 19:38:21, on 05/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Jean-Loup montagne\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

acrobaze

Là, c'est bon.

JLMONT

je viens de verifier les autres sessions : apparement tout est clean

merci beaucoup et au plaisir
c'est super de trouver des gens compétents

JLMONT

Bonjour
je vais reposter un nouveau log car j'ai l'impression qu'il y a un truc bizzare : dans les favoris un dossier s'est creé appelé Link avec des sites pornos : j l'ai vidé mais le dossier s'ouvre toujours
est il possisble de le supprimer
merci

Logfile of HijackThis v1.99.0
Scan saved at 14:12:22, on 06/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jean-Loup montagne\Local Settings\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.co
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

JLMONT

BONSOIR
EST CE QUE ACROBAZE EST LA ? J A POSTE UN LOG ET JE N AI PAS EU DE REPONSE
MERCI D ESSAYER DE M AIDER

acrobaze

Il n'y a rien de visible sur le log HJT.

Donc il faut chercher...

Commence par ceci :

Télécharge :
http://www.downloads.subratam.org/VX2Finder.exe

-Clique "Click to find...."
-Clique "Make log"
-Copie/colle ce log.

JLMONT

merci de ta reponse je vais suivre ton conseil
a+

JLMONT

ca y est voici le log :

Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
wlballoon

Guardian Key--- is called:

Guardian Key--- :

User Agent String---
iebar

JLMONT

Bonjour
j'ai posté le log y a t il quelque chose de suspect ?

merci

d'autre part sur mon pc du boulot j'ai norton antivirus et au demarrage il est toujours désactivé et je n'arrive pas a savoir quel logiciel le désactive comment puis je le savoir merci

JLMONT

bonsoir Acrobaze n'est plus ici car j'attendais son avis

merci

acrobaze

Salut,

Non, il n'y a pas de vx2. Donc, je ne sais pas. Faire le grand nettoyage : Ad-Aware SE, SpyBot...etc..

Publicité

Page : 1 2 3 4

Page Suivante

Page Précédente

Haut de page

FORUM HardWare.fr

Windows & Software

Sécurité

Elite toolbar-hijackthis

Sujets relatifs
CoolWeebSearch (trojan)Toolbar [résolu]	prob avec HijackThis v1.98.2
SPYWARE TOOLBAR ISTSVC.EXE !!	impossible d'installer msn plus apres hijackthis
ibis toolbar un enfer de l'aide please !!!!!!!	[help] google toolbar (lol)
rapport HijackThis Merci	je fais quoi de ce rapport hijackthis
Analyse d'un log Hijackthis	Hijackthis: quoi supprimer?
Plus de sujets relatifs à : Elite toolbar-hijackthis

Page générée en 0.165 secondes