Pop up!
Résolu
jacko
-
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
bonjour, je suis equipé de kaspersky antivirus, pare feu windows, google tool bar, et bloquer de fenetre (inclus avec XP).
mais depuis peu de temps jai plusieurs fenetre IE qui souvre avec de la pub! il y en a entre 5 et 10 a chaque fois! je ne les vois pas dans la barre des taches, c'est lorsque je reduit mes applications que je les voit sur le bureau!
comment les supprimer?
merci
jai passer un SPYBOT mais c acontinue toujours!
mais depuis peu de temps jai plusieurs fenetre IE qui souvre avec de la pub! il y en a entre 5 et 10 a chaque fois! je ne les vois pas dans la barre des taches, c'est lorsque je reduit mes applications que je les voit sur le bureau!
comment les supprimer?
merci
jai passer un SPYBOT mais c acontinue toujours!
A voir également:
- Pop up!
- Pop up mcafee - Accueil - Piratage
- Pop corn time - Télécharger - TV & Vidéo
- Serveur pop - Guide
- Augmenter débit freebox pop fibre ✓ - Forum Freebox
- Mode securise free pop - Forum Freebox
32 réponses
slt
Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
Double clic sur killbox.exe (Pocket Killbox)
- coche: delete on reboot
- Dans "Full Path of File to Delete"
copie et colle:
D:\WINDOWS\system32\mautb.dll
- clic sur la croix rouge
- une fenetre va apparaitre pour confirmation clic sur YES
- une seconde fenetre te demande si tu veux redemarrer clic sur YES
Laisse le pc redemarrer
et après reposte un log hijackthis.
A+
Telecharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe
Double clic sur killbox.exe (Pocket Killbox)
- coche: delete on reboot
- Dans "Full Path of File to Delete"
copie et colle:
D:\WINDOWS\system32\mautb.dll
- clic sur la croix rouge
- une fenetre va apparaitre pour confirmation clic sur YES
- une seconde fenetre te demande si tu veux redemarrer clic sur YES
Laisse le pc redemarrer
et après reposte un log hijackthis.
A+
je dois vraiment etre nul... lol
quand je valide pr redemarrer il me met un msg derreur:
pending file rename operations registry data has been removed by external process
ca redemarre pas et il est tj dan le log.
remyremy@hotmail.com (si tu as msn c plu facile^^)
quand je valide pr redemarrer il me met un msg derreur:
pending file rename operations registry data has been removed by external process
ca redemarre pas et il est tj dan le log.
remyremy@hotmail.com (si tu as msn c plu facile^^)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
peuteter une vx2
fait ceci
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 2
met le rapport et aussi essaie de suppr a nouveau la dll si elle est toujours dans hijack
fait ceci
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 2
met le rapport et aussi essaie de suppr a nouveau la dll si elle est toujours dans hijack
c bon ca a marcher!
Logfile of HijackThis v1.99.1
Scan saved at 16:45:05, on 07/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\a2\a2guard.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\J@v0\Mes documents\Ma musique\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAV Blacklist Killer] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\KAV Blacklist Killer.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116074835816
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
pour l'instant jai plus de pub et il nest plus ds le rapport!
je remettrais un message ici pour confirmer si jai plus de pub! ;-)
merci merci beaucoup A TOUS c'est super sympa d'aider les debutants comme moi! merci encore!
Logfile of HijackThis v1.99.1
Scan saved at 16:45:05, on 07/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\a2\a2guard.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\J@v0\Mes documents\Ma musique\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAV Blacklist Killer] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\KAV Blacklist Killer.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116074835816
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
pour l'instant jai plus de pub et il nest plus ds le rapport!
je remettrais un message ici pour confirmer si jai plus de pub! ;-)
merci merci beaucoup A TOUS c'est super sympa d'aider les debutants comme moi! merci encore!
accroche toi c long ;)
L2Mfix 1.03a
Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
System Rebooted!
Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1736 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1844 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
Zipping up files for submission:
adding: cagmgr32.dll (164 bytes security) (deflated 48%)
adding: cqrtcli.dll (164 bytes security) (deflated 48%)
adding: cxmres.dll (164 bytes security) (deflated 48%)
adding: dcvxdec_0407.dll (164 bytes security) (deflated 48%)
adding: ddvoice.dll (164 bytes security) (deflated 48%)
adding: marapi.dll (164 bytes security) (deflated 48%)
adding: mautb.dll (164 bytes security) (deflated 48%)
adding: mgc40u.dll (164 bytes security) (deflated 48%)
adding: mpsystem.dll (164 bytes security) (deflated 48%)
adding: muimsg.dll (164 bytes security) (deflated 48%)
adding: mxaudite.dll (164 bytes security) (deflated 48%)
adding: ovmanage.dll (164 bytes security) (deflated 48%)
adding: sacur32.dll (164 bytes security) (deflated 48%)
adding: wips.dll (164 bytes security) (deflated 48%)
adding: wqhbth.dll (164 bytes security) (deflated 48%)
adding: xwsp1res.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 55%)
adding: echo.reg (164 bytes security) (deflated 14%)
adding: direct.txt (164 bytes security) (deflated 6%)
adding: lo2.txt (164 bytes security) (deflated 87%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: test.txt (164 bytes security) (deflated 88%)
adding: test2.txt (164 bytes security) (deflated 36%)
adding: test3.txt (164 bytes security) (deflated 36%)
adding: test5.txt (164 bytes security) (deflated 36%)
adding: xfind.txt (164 bytes security) (deflated 85%)
adding: backregs/09C16CA7-FC50-4894-91E8-75DC0205EE5C.reg (164 bytes security) (deflated 70%)
adding: backregs/104EB31E-03E9-471C-9112-D75C120E477E.reg (164 bytes security) (deflated 70%)
adding: backregs/1D44F68B-17D9-4FBD-B284-8305B76B3FA9.reg (164 bytes security) (deflated 69%)
adding: backregs/4556C666-9FB4-4E25-B087-24806C42222A.reg (164 bytes security) (deflated 70%)
adding: backregs/98A134C1-1E3B-4C1E-8D42-529745594227.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: cagmgr32.dll
deleting local copy: cagmgr32.dll
deleting local copy: cqrtcli.dll
deleting local copy: cqrtcli.dll
deleting local copy: cxmres.dll
deleting local copy: cxmres.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: ddvoice.dll
deleting local copy: ddvoice.dll
deleting local copy: marapi.dll
deleting local copy: marapi.dll
deleting local copy: mautb.dll
deleting local copy: mautb.dll
deleting local copy: mgc40u.dll
deleting local copy: mgc40u.dll
deleting local copy: mpsystem.dll
deleting local copy: mpsystem.dll
deleting local copy: muimsg.dll
deleting local copy: muimsg.dll
deleting local copy: mxaudite.dll
deleting local copy: mxaudite.dll
deleting local copy: ovmanage.dll
deleting local copy: ovmanage.dll
deleting local copy: sacur32.dll
deleting local copy: sacur32.dll
deleting local copy: wips.dll
deleting local copy: wips.dll
deleting local copy: wqhbth.dll
deleting local copy: wqhbth.dll
deleting local copy: xwsp1res.dll
deleting local copy: xwsp1res.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4556C666-9FB4-4E25-B087-24806C42222A}"=-
"{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}"=-
"{98A134C1-1E3B-4C1E-8D42-529745594227}"=-
"{09C16CA7-FC50-4894-91E8-75DC0205EE5C}"=-
"{104EB31E-03E9-471C-9112-D75C120E477E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4556C666-9FB4-4E25-B087-24806C42222A}]
[-HKEY_CLASSES_ROOT\CLSID\{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}]
[-HKEY_CLASSES_ROOT\CLSID\{98A134C1-1E3B-4C1E-8D42-529745594227}]
[-HKEY_CLASSES_ROOT\CLSID\{09C16CA7-FC50-4894-91E8-75DC0205EE5C}]
[-HKEY_CLASSES_ROOT\CLSID\{104EB31E-03E9-471C-9112-D75C120E477E}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
L2Mfix 1.03a
Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
System Rebooted!
Running From:
D:\Documents and Settings\J@v0\Mes documents\Ma musique\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1736 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1844 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cagmgr32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cqrtcli.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\cxmres.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\dcvxdec_0407.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ddvoice.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\marapi.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mautb.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mgc40u.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mpsystem.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\muimsg.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\mxaudite.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\ovmanage.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\sacur32.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wips.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\wqhbth.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\xwsp1res.dll
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
Backing Up: D:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cagmgr32.dll
Successfully Deleted: D:\WINDOWS\system32\cagmgr32.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cqrtcli.dll
Successfully Deleted: D:\WINDOWS\system32\cqrtcli.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\cxmres.dll
Successfully Deleted: D:\WINDOWS\system32\cxmres.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\dcvxdec_0407.dll
Successfully Deleted: D:\WINDOWS\system32\dcvxdec_0407.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\ddvoice.dll
Successfully Deleted: D:\WINDOWS\system32\ddvoice.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\marapi.dll
Successfully Deleted: D:\WINDOWS\system32\marapi.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mautb.dll
Successfully Deleted: D:\WINDOWS\system32\mautb.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mgc40u.dll
Successfully Deleted: D:\WINDOWS\system32\mgc40u.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\mpsystem.dll
Successfully Deleted: D:\WINDOWS\system32\mpsystem.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\muimsg.dll
Successfully Deleted: D:\WINDOWS\system32\muimsg.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\mxaudite.dll
Successfully Deleted: D:\WINDOWS\system32\mxaudite.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\ovmanage.dll
Successfully Deleted: D:\WINDOWS\system32\ovmanage.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\sacur32.dll
Successfully Deleted: D:\WINDOWS\system32\sacur32.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wips.dll
Successfully Deleted: D:\WINDOWS\system32\wips.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\wqhbth.dll
Successfully Deleted: D:\WINDOWS\system32\wqhbth.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\xwsp1res.dll
Successfully Deleted: D:\WINDOWS\system32\xwsp1res.dll
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp
Zipping up files for submission:
adding: cagmgr32.dll (164 bytes security) (deflated 48%)
adding: cqrtcli.dll (164 bytes security) (deflated 48%)
adding: cxmres.dll (164 bytes security) (deflated 48%)
adding: dcvxdec_0407.dll (164 bytes security) (deflated 48%)
adding: ddvoice.dll (164 bytes security) (deflated 48%)
adding: marapi.dll (164 bytes security) (deflated 48%)
adding: mautb.dll (164 bytes security) (deflated 48%)
adding: mgc40u.dll (164 bytes security) (deflated 48%)
adding: mpsystem.dll (164 bytes security) (deflated 48%)
adding: muimsg.dll (164 bytes security) (deflated 48%)
adding: mxaudite.dll (164 bytes security) (deflated 48%)
adding: ovmanage.dll (164 bytes security) (deflated 48%)
adding: sacur32.dll (164 bytes security) (deflated 48%)
adding: wips.dll (164 bytes security) (deflated 48%)
adding: wqhbth.dll (164 bytes security) (deflated 48%)
adding: xwsp1res.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 55%)
adding: echo.reg (164 bytes security) (deflated 14%)
adding: direct.txt (164 bytes security) (deflated 6%)
adding: lo2.txt (164 bytes security) (deflated 87%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: test.txt (164 bytes security) (deflated 88%)
adding: test2.txt (164 bytes security) (deflated 36%)
adding: test3.txt (164 bytes security) (deflated 36%)
adding: test5.txt (164 bytes security) (deflated 36%)
adding: xfind.txt (164 bytes security) (deflated 85%)
adding: backregs/09C16CA7-FC50-4894-91E8-75DC0205EE5C.reg (164 bytes security) (deflated 70%)
adding: backregs/104EB31E-03E9-471C-9112-D75C120E477E.reg (164 bytes security) (deflated 70%)
adding: backregs/1D44F68B-17D9-4FBD-B284-8305B76B3FA9.reg (164 bytes security) (deflated 69%)
adding: backregs/4556C666-9FB4-4E25-B087-24806C42222A.reg (164 bytes security) (deflated 70%)
adding: backregs/98A134C1-1E3B-4C1E-8D42-529745594227.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: cagmgr32.dll
deleting local copy: cagmgr32.dll
deleting local copy: cqrtcli.dll
deleting local copy: cqrtcli.dll
deleting local copy: cxmres.dll
deleting local copy: cxmres.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: dcvxdec_0407.dll
deleting local copy: ddvoice.dll
deleting local copy: ddvoice.dll
deleting local copy: marapi.dll
deleting local copy: marapi.dll
deleting local copy: mautb.dll
deleting local copy: mautb.dll
deleting local copy: mgc40u.dll
deleting local copy: mgc40u.dll
deleting local copy: mpsystem.dll
deleting local copy: mpsystem.dll
deleting local copy: muimsg.dll
deleting local copy: muimsg.dll
deleting local copy: mxaudite.dll
deleting local copy: mxaudite.dll
deleting local copy: ovmanage.dll
deleting local copy: ovmanage.dll
deleting local copy: sacur32.dll
deleting local copy: sacur32.dll
deleting local copy: wips.dll
deleting local copy: wips.dll
deleting local copy: wqhbth.dll
deleting local copy: wqhbth.dll
deleting local copy: xwsp1res.dll
deleting local copy: xwsp1res.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cagmgr32.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cqrtcli.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\cxmres.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\dcvxdec_0407.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\ddvoice.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\marapi.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mautb.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mgc40u.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\mpsystem.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\muimsg.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\mxaudite.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\ovmanage.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\sacur32.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wips.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\wqhbth.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\xwsp1res.dll
D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4556C666-9FB4-4E25-B087-24806C42222A}"=-
"{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}"=-
"{98A134C1-1E3B-4C1E-8D42-529745594227}"=-
"{09C16CA7-FC50-4894-91E8-75DC0205EE5C}"=-
"{104EB31E-03E9-471C-9112-D75C120E477E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4556C666-9FB4-4E25-B087-24806C42222A}]
[-HKEY_CLASSES_ROOT\CLSID\{1D44F68B-17D9-4FBD-B284-8305B76B3FA9}]
[-HKEY_CLASSES_ROOT\CLSID\{98A134C1-1E3B-4C1E-8D42-529745594227}]
[-HKEY_CLASSES_ROOT\CLSID\{09C16CA7-FC50-4894-91E8-75DC0205EE5C}]
[-HKEY_CLASSES_ROOT\CLSID\{104EB31E-03E9-471C-9112-D75C120E477E}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
