Pop up!
Solved/Closed
jacko
-
1 August 2005 at 12:07
balltrap34 Posts 16240 Registration date Thursday 8 January 2004 Status Security contributor Last activity 28 November 2009 - 7 August 2005 at 17:01
32 replies
hi
Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe
Double-click killbox.exe (Pocket Killbox)
- tick: delete on reboot
- In "Full Path of File to Delete"
copy and paste:
D:\WINDOWS\system32\mautb.dll
- click the red cross
- a window will appear asking for confirmation, click YES
- a second window asks whether you want to restart, click YES
Let the PC restart
and afterwards post a new HijackThis log.
See you
I must really be useless... lol
when I confirm to restart it gives me an error message:
pending file rename operations registry data has been removed by external process
it doesn't restart and it is still in the log.
remyremy@hotmail.com (if you have MSN it's easier ^^)
balltrap34
7 August 2005 at 16:25
Did you restart manually?
balltrap34
7 August 2005 at 16:35
maybe a vx2
do this
download this
http://www.downloads.subratam.org/l2mfix.exe
unzip it, double-click l2mfix.bat, press any key and then choose option 2
post the report, and also try deleting the DLL again if it is still in HijackThis
it's fine, it worked!
Logfile of HijackThis v1.99.1
Scan saved at 16:45:05, on 07/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\a2\a2guard.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\J@v0\Mes documents\Ma musique\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAV Blacklist Killer] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\KAV Blacklist Killer.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116074835816
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
for now I have no more ads and it is no longer in the report!
I'll post a message here again to confirm whether the ads are gone! ;-)
thank you, thank you very much EVERYONE, it's really nice to help beginners like me! thanks again!
balltrap34
7 August 2005 at 16:49
l2mfix must have produced a report for you, I would have liked to see it
for study lol
hang on, it's long ;)
L2Mfix 1.03a
Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
System Rebooted!
Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1736 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1844 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copié(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copié(s).
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
Zipping up files for submission:
adding: cagmgr32.dll (164 bytes security) (deflated 48%)
adding: cqrtcli.dll (164 bytes security) (deflated 48%)
adding: cxmres.dll (164 bytes security) (deflated 48%)
adding: dcvxdec_0407.dll (164 bytes security) (deflated 48%)
adding: ddvoice.dll (164 bytes security) (deflated 48%)
adding: marapi.dll (164 bytes security) (deflated 48%)
adding: mautb.dll (164 bytes security) (deflated 48%)
adding: mgc40u.dll (164 bytes security) (deflated 48%)
adding: mpsystem.dll (164 bytes security) (deflated 48%)
adding: muimsg.dll (164 bytes security) (deflated 48%)
adding: mxaudite.dll (164 bytes security) (deflated 48%)
adding: ovmanage.dll (164 bytes security) (deflated 48%)
adding: sacur32.dll (164 bytes security) (deflated 48%)
adding: wips.dll (164 bytes security) (deflated 48%)
adding: wqhbth.dll (164 bytes security) (deflated 48%)
adding: xwsp1res.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 55%)
adding: echo.reg (164 bytes security) (deflated 14%)
adding: direct.txt (164 bytes security) (deflated 6%)
adding: lo2.txt (164 bytes security) (deflated 87%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: test.txt (164 bytes security) (deflated 88%)
adding: test2.txt (164 bytes security) (deflated 36%)
adding: test3.txt (164 bytes security) (deflated 36%)
adding: test5.txt (164 bytes security) (deflated 36%)
adding: xfind.txt (164 bytes security) (deflated 85%)
adding: backregs/09C16CA7-FC50-4894-91E8-75DC0205EE5C.reg (164 bytes security) (deflated 70%)
adding: backregs/104EB31E-03E9-471C-9112-D75C120E477E.reg (164 bytes security) (deflated 70%)
adding: backregs/1D44F68B-17D9-4FBD-B284-8305B76B3FA9.reg (164 bytes security) (deflated 69%)
adding: backregs/4556C666-9FB4-4E25-B087-24806C42222A.reg (164 bytes security) (deflated 70%)
adding: backregs/98A134C1-1E3B-4C1E-8D42-529745594227.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: cagmgr32.dll
deleting local copy: cagmgr32.dll
deleting local copy: cqrtcli.dll
deleting local copy: cqrtcli.dll
deleting local copy: cxmres.dll
deleting local copy: cxmres.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: ddvoice.dll
deleting local copy: ddvoice.dll
deleting local copy: marapi.dll
deleting local copy: marapi.dll
deleting local copy: mautb.dll
deleting local copy: mautb.dll
deleting local copy: mgc40u.dll
deleting local copy: mgc40u.dll
deleting local copy: mpsystem.dll
deleting local copy: mpsystem.dll
deleting local copy: muimsg.dll
deleting local copy: muimsg.dll
deleting local copy: mxaudite.dll
deleting local copy: mxaudite.dll
deleting local copy: ovmanage.dll
deleting local copy: ovmanage.dll
deleting local copy: sacur32.dll
deleting local copy: sacur32.dll
deleting local copy: wips.dll
deleting local copy: wips.dll
deleting local copy: wqhbth.dll
deleting local copy: wqhbth.dll
deleting local copy: xwsp1res.dll
deleting local copy: xwsp1res.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4556C666-9FB4-4E25-B087-24806C42222A}"=-
"{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}"=-
"{98A134C1-1E3B-4C1E-8D42-529745594227}"=-
"{09C16CA7-FC50-4894-91E8-75DC0205EE5C}"=-
"{104EB31E-03E9-471C-9112-D75C120E477E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4556C666-9FB4-4E25-B087-24806C42222A}]
[-HKEY_CLASSES_ROOT\CLSID\{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}]
[-HKEY_CLASSES_ROOT\CLSID\{98A134C1-1E3B-4C1E-8D42-529745594227}]
[-HKEY_CLASSES_ROOT\CLSID\{09C16CA7-FC50-4894-91E8-75DC0205EE5C}]
[-HKEY_CLASSES_ROOT\CLSID\{104EB31E-03E9-471C-9112-D75C120E477E}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
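The `hex(2)` `DllName` values in the Winlogon Notify export above are UTF-16LE byte lists, so the DLL each subkey loads cannot be read directly. The Python below is an added example (not part of the thread or of L2Mfix) that decodes a `Version 5.00` export and flags any Notify subkey or DLL absent from a baseline. The baseline is the set of entries in the export above, assumed clean, and the `ExampleAddon` / `example_notify.dll` entry in the sample is constructed.

```python
import re

# Baseline: subkey -> DllName exactly as listed in the post-cleanup export in the
# report above (assumed clean for this example). Keys and values are lower-cased.
BASELINE = {
    "crypt32chain": "crypt32.dll",
    "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll",
    "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll",
    "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll",
    "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}

NOTIFY_SUFFIX = r"\winlogon\notify"

# Constructed sample: two keys in the format of the export above, plus one
# hypothetical entry (ExampleAddon / example_notify.dll) invented for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleAddon]
"DllName"="example_notify.dll"
"Logon"="OnLogon"
'''


def join_continuations(text):
    """Merge lines that regedit wrapped with a trailing backslash (long hex values)."""
    joined, pending = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            joined.append(pending + line)
            pending = ""
    if pending:
        joined.append(pending)
    return joined


def decode_value(raw):
    """Decode the right-hand side of a .reg value line into str or int."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    match = re.match(r"hex\((?:1|2)\):(.*)", raw)
    if match:
        # REG_SZ / REG_EXPAND_SZ are stored as UTF-16LE bytes in Version 5.00 exports.
        data = bytes(int(b, 16) for b in match.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw


def parse_notify(text):
    """Return {subkey: {value_name_lower: decoded_value}} for Winlogon\\Notify subkeys."""
    entries, current = {}, None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            parent, _, name = line[1:-1].rpartition("\\")
            current = name if parent.lower().endswith(NOTIFY_SUFFIX) else None
            if current is not None:
                entries[current] = {}
        elif current is not None:
            match = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if match:
                # Value names are case-insensitive (the export mixes DllName / DLLName).
                entries[current][match.group(1).lower()] = decode_value(match.group(2))
    return entries


def audit(text, baseline=BASELINE):
    """List (subkey, dll, reason) for every Notify entry that deviates from the baseline."""
    findings = []
    for name, values in parse_notify(text).items():
        dll = values.get("dllname")
        expected = baseline.get(name.lower())
        if dll is None:
            findings.append((name, None, "no DllName value"))
        elif expected is None:
            findings.append((name, dll, "subkey not in baseline"))
        elif str(dll).lower() != expected:
            findings.append((name, dll, "DLL differs from baseline"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```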
balltrap34 - 7 August 2005 at 16:57
thanks, you had quite a dose of it lol
indeed!
so I confirm that was indeed it! no more ads at all! it's wonderful!!
thanks again, everyone ;-)
have a good Sunday
balltrap34 - 7 August 2005 at 17:01
happy for you
see you, trouble-free I hope