Sujet Précédent Sujet Suivant

AntivirusGold 2.0

Résolu/Fermé
Sophie - 6 juil. 2005 à 18:45
 JUAN - 31 juil. 2005 à 19:39
Bonjour à tous,
A mon tour, j'ai chope AntivirusGold sur mon pc. Je suis un peu perdu! merci de votre aide
A voir également:

56 réponses

Réponse 1 / 56
Neo-Nil@u Messages postés 1595 Date d'inscription jeudi 10 mars 2005 Statut Contributeur Dernière intervention 8 août 2005 96
6 juil. 2005 à 18:48
Salut Sophie, pour commencer, télécharge HijackThis :
http://www.hijackthis.de/downloads/hijackthis_199.zip
L'aide est ici :
http://www.zebulon.fr/articles/HijackThis.php

*** Dezippe-le dans un dossier prévu à cet effet
Par exemple = C:\hijackthis
*** Lance le puis clique sur "do a system scan and save logfile"
*** Fais un copier coller du log entier sur le forum

@+++
0
Réponse 2 / 56
Sophie
6 juil. 2005 à 18:54
Voila mon rapport


Logfile of HijackThis v1.99.1
Scan saved at 18:50:04, on 06/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\shnlog.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\dgezf.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp8EC2.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [toolextradalejoy] C:\Documents and Settings\All Users\Application Data\secondobjtoolextra\Owns Browse.exe
O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BitsMeal] C:\DOCUME~1\ADMINI~1\APPLIC~1\OKAYWA~1\ping user.exe
O4 - HKCU\..\Run: [dgezf] C:\WINDOWS\System32\dgezf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://si-home.ath.cx//activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
0
Réponse 3 / 56
Neo-Nil@u Messages postés 1595 Date d'inscription jeudi 10 mars 2005 Statut Contributeur Dernière intervention 8 août 2005 96
6 juil. 2005 à 19:01
Je dois partir ... mais sois patiente ! Quelqu'un de compétent s'occupera de toi !!!
@+++++
0
Réponse 4 / 56
Utilisateur anonyme
6 juil. 2005 à 19:02
salut sophie, neo

telecharge ceci:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
dezippe le, lance le et choisis l'option 1 (recherche/rapport)
ensuite fais un copier coller du rapport ici.

a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 56
Sophie
6 juil. 2005 à 19:08
SmitFraudFix v0.5

Date: 06/07/2005
Executé à partir de:
C:\Documents and Settings\Administrateur\Bureau

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

C:\WINDOWS\popuper.exe PRESENT !
C:\WINDOWS\sites.ini PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
Salut moe31, tu prends le relais..lol


C:\WINDOWS\system32\hhk.dll PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\intmon.exe PRESENT !
C:\WINDOWS\system32\msmsgs.exe PRESENT !
C:\WINDOWS\system32\msole32.exe PRESENT !
C:\WINDOWS\system32\ole32vbs.exe PRESENT !
C:\WINDOWS\system32\shnlog.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
0
Réponse 6 / 56
Utilisateur anonyme
6 juil. 2005 à 19:11
salut sophie

oui, je prend le relais ;-)
laisse moi un peu de temps et je te donne la manip.

à tout à l'heure.
0
Réponse 7 / 56
Sophie
6 juil. 2005 à 19:13
ok je compte sur toi
D'avance merci
0
Réponse 8 / 56
Utilisateur anonyme
6 juil. 2005 à 19:30
Déconnecte toi d'internet:

 Vide le cache d'Internet Explorer et supprime les cookies:

* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion"
Valide avec ok

 Redémarre en mode sans échec
Laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.

 Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher " afficher les fichiers et dossiers cachés "
Décocher " masquer les extentions des fichiers dont le type est connu
Décocher " masquer les fichiers protégés du système"
clic sur ok pour valider

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

 Lance hijackthis et clic sur "do a system scan only"
cocher la case au début des lignes suivantes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp8EC2.tmp
O4 - HKLM\..\Run: [toolextradalejoy] C:\Documents and Settings\All Users\Application Data\secondobjtoolextra
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [BitsMeal] C:\DOCUME~1\ADMINI~1\APPLIC~1\OKAYWA~1\ping user.exe
O4 - HKCU\..\Run: [dgezf] C:\WINDOWS\System32\dgezf.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://si-home.ath.cx//activex/AMC.cab

valider avec [fix checked]

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

lance smitfraudfix et choisis l'option 2 (fix)
et enregistre le rapport pour pouvoir le recupérer plus tard.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

 Recherche et supprime:

Dans le cas ou tu utiliserais la fonction Rechercher:
Assure toi que dans:
Tous les fichiers et tous les dossiers >> Options avancées
• Rechercher dans les dossiers systemes <- DOIT ETRE COCHE !
• Rechercher dans les fichiers et les dossiers cachés <- DOIT ETRE COCHE !
• Rechercher dans les sous-dossiers <- DOIT ETRE COCHE !

Essaye de supprimer les fichiers en suivant le chemin des fichiers infectés avec l'explorateur, plutot que d'utiliser la fonction "Rechercher"

/!\ Attention à l'orthographe et l'endroit ou se trouvent les fichiers, car certains fichiers portent pratiquement le meme nom que des fichiers sains, voir exactement le meme, mais dans des dossiers différents.

S'ils sont présents, supprime:

C:\WINDOWS\System32\dgezf.exe
C:\Documents and Settings\All Users\Application Data\secondobjtoolextra
C:\Documents and Settings\Administrateur\OKAYWA <- le dossier dont le nom commence par

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Ensuite, tres important:

:: Supprimer les fichiers temporaires ::

Manuellement:

* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Windows\Temp
vider tout le contenu des dossiers en gras.

:: Le contenu du dossier prefetch ::

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

Ou avec Cleanup:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe

* Ne pas oublier de vider la corbeille !

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Redemarre normalement et reposte un log hijack pour vérifier l'évolution + le rapport de smitfraudfix

Ne pas oublier après les manips de recacher les fichiers systeme dans les options des dossiers.
Pour des raisons de sécurité évidentes, laisse visible les extentions des fichiers.

Si tu ne les à pas délà, je te conseille d'installer et de scanner ton pc avec:

* Spybot S&D version 1.4:
http://spybot.safer-networking.de/fr/mirrors/index.html
l'aide:
http://assiste.free.fr/p/internet_utilitaires/spybot_search_destroy.php#ssd_02

* Ad-aware 1.06:
http://www.lavasoftusa.com/french/support/download/
l'aide:
http://www.tutopat.com/viewtopic.php?t=1191
Le patch francais:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
une fois installé, lance ad-aware, clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider.

Les mettre à jours avant d'utiliser ! (voir aide)

a+
0
Réponse 9 / 56
Sophie
6 juil. 2005 à 20:40
Me revoila !!!!!

comment trouve t'on les dossiers en gras pour les temporaires

C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Windows\Temp

J'ai de des dossiers mais pas en gras
0
Réponse 10 / 56
Sophie
6 juil. 2005 à 21:26
Bon a priori ca MARCHE !!!!!!!

Voici le rapport de Hijack:




Logfile of HijackThis v1.99.1
Scan saved at 20:57:20, on 06/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe




Voici le rapport detsmifraudFix:


SmitFraudFix v0.5

Date: 06/07/2005
Executé à partir de:
C:\Documents and Settings\Administrateur\Bureau

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport



TOUT SEMBLE OK

Adaware et Spybot n'ont rien trouver

Je te remercie beaucoup et te tiens au courant si je trouve autre chose./

A bientot Sophie
0
Réponse 11 / 56
Utilisateur anonyme
6 juil. 2005 à 22:14
Salut

tu peux cocher celles ci dans hijack

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/

pour les dossiers temp, il ne sont pas en gras dans ton pc, lol
j'ai juste mis en gras le nom du dossier temp, pour que tu ne te trompe pas de dossier ;-)
le but c'est de vider le contenu de ces dossiers.

Est ce que tu as gardé le rapport que je t'avais demandé d'enregistrer quand tu as passé l'option 2 du fix ?

Sinon, ca a l'air ok

a+
0
Réponse 12 / 56
Sopie
6 juil. 2005 à 22:29
J'ai retiré les 4 lignes du fichier Hitjack
Je n'ai pas enregistre l'option 2 du fix................Dommage

Voila, encore un grand merci

a+ Sophie
0
Réponse 13 / 56
Utilisateur anonyme
6 juil. 2005 à 22:41
ben, tant pis pour le rapport.

Content que tout soit ok

a+
0
Réponse 14 / 56
S!Ri Messages postés 931 Date d'inscription jeudi 11 septembre 2003 Statut Contributeur sécurité Dernière intervention 31 juillet 2011 10
6 juil. 2005 à 22:42
Salut

Ca semble bon ;-)
0
Réponse 15 / 56
Utilisateur anonyme
6 juil. 2005 à 22:45
pas de restauration a reactiver ni de fichier a recacher?
0
Réponse 16 / 56
dzadzou
16 juil. 2005 à 17:39
salut
moi aussi j'ai le meme probleme mais mes resultats sont un peu differents

resultat de smithfraudfix
SmitFraudFix v0.7

Rapport fait à 17:41:38,54 le sam. 16/07/2005
Executé à partir de C:\Documents and Settings\dzazdou\Mes documents\Unzipped\SmitfraudFix[1]
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

C:\WINDOWS\screen.html PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

C:\WINDOWS\system32\hookdump.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport



resultats de hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 17:47:02, on 16/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\sysal.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dzazdou\Mes documents\Unzipped\hijackthis_199[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkrsq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkrsq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pkrsq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkrsq.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkrsq.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pkrsq.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {64CBC2F6-6BBC-FF4A-8C67-D64BFD312060} - C:\WINDOWS\apiry.dll
O2 - BHO: Class - {A0FE8830-AF81-1E4D-051B-1A46041255D0} - C:\WINDOWS\system32\sysyc32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C437648F-5744-78C9-4BC7-77C4AA1C8991} - C:\WINDOWS\d3mf.dll
O2 - BHO: Class - {E95C5454-C210-9E5E-2CEE-9CBA9B6EA8A6} - C:\WINDOWS\winpg.dll
O2 - BHO: Class - {F3A0397E-E3B9-0D76-D1C6-7FA1761B11A6} - C:\WINDOWS\iphv32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sysal.exe] C:\WINDOWS\system32\sysal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [apppw.exe] C:\WINDOWS\apppw.exe
O4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\sdkwb32.exe
O4 - HKLM\..\RunOnce: [addbu.exe] C:\WINDOWS\addbu.exe
O4 - HKLM\..\RunOnce: [iefy.exe] C:\WINDOWS\system32\iefy.exe
O4 - HKLM\..\RunOnce: [sdkks32.exe] C:\WINDOWS\sdkks32.exe
O4 - HKLM\..\RunOnce: [crpx.exe] C:\WINDOWS\system32\crpx.exe
O4 - HKLM\..\RunOnce: [netuz32.exe] C:\WINDOWS\system32\netuz32.exe
O4 - HKLM\..\RunOnce: [mspk32.exe] C:\WINDOWS\mspk32.exe
O4 - HKLM\..\RunOnce: [crxp32.exe] C:\WINDOWS\crxp32.exe
O4 - HKLM\..\RunOnce: [atlra32.exe] C:\WINDOWS\system32\atlra32.exe
O4 - HKLM\..\RunOnce: [addnc32.exe] C:\WINDOWS\system32\addnc32.exe
O4 - HKLM\..\RunOnce: [netgy.exe] C:\WINDOWS\netgy.exe
O4 - HKLM\..\RunOnce: [winfg32.exe] C:\WINDOWS\winfg32.exe
O4 - HKLM\..\RunOnce: [winzx32.exe] C:\WINDOWS\winzx32.exe
O4 - HKLM\..\RunOnce: [netas32.exe] C:\WINDOWS\system32\netas32.exe
O4 - HKLM\..\RunOnce: [addfm.exe] C:\WINDOWS\addfm.exe
O4 - HKLM\..\RunOnce: [d3nd32.exe] C:\WINDOWS\d3nd32.exe
O4 - HKLM\..\RunOnce: [javava32.exe] C:\WINDOWS\javava32.exe
O4 - HKLM\..\RunOnce: [syscj32.exe] C:\WINDOWS\syscj32.exe
O4 - HKLM\..\RunOnce: [javail.exe] C:\WINDOWS\javail.exe
O4 - HKLM\..\RunOnce: [javacf32.exe] C:\WINDOWS\javacf32.exe
O4 - HKLM\..\RunOnce: [mfchz.exe] C:\WINDOWS\mfchz.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skynet.be
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF69CFF1-526E-4B72-9614-F410022DB1EB}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mspk32.exe" /s (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COM


ce serait genial si vous pouviez m'aider
merci d'avance
0
Réponse 17 / 56
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
16 juil. 2005 à 17:46
salut
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 1
attend il vas faire un rapport fait un copier coller de celui ci
ne fait surtout rien d autres
0
Réponse 18 / 56
dzadzou
16 juil. 2005 à 19:09
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
"SKY11"="IEAKSkynet"

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{DCED20BE-3645-11D4-BC95-00C04F0E0588}"="InoShell"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
addcd.dll Thu 30 Jun 2005 23:15:54 ..... 84.642 82,66 K
addcq.dll Sat 2 Jul 2005 21:30:16 ..... 84.642 82,66 K
addjp.dll Tue 28 Jun 2005 2:59:14 ..... 84.642 82,66 K
addng.dll Thu 30 Jun 2005 18:18:46 A.... 84.642 82,66 K
addwl.dll Tue 21 Jun 2005 16:38:24 ..... 84.642 82,66 K
addzl32.dll Tue 21 Jun 2005 1:26:34 A.... 84.642 82,66 K
addzz32.dll Sat 25 Jun 2005 18:30:22 A.... 0 0,00 K
apibd32.dll Mon 4 Jul 2005 22:01:06 ..... 84.642 82,66 K
apigg32.dll Wed 29 Jun 2005 2:52:14 ..... 84.642 82,66 K
appgh32.dll Sun 19 Jun 2005 20:26:40 A.... 0 0,00 K
appza32.dll Wed 8 Jun 2005 17:54:20 ..... 84.642 82,66 K
atlgu.dll Tue 21 Jun 2005 19:35:20 ..... 84.642 82,66 K
atlld.dll Fri 24 Jun 2005 15:24:30 ..... 84.642 82,66 K
atlop.dll Sat 11 Jun 2005 15:03:34 ..... 84.642 82,66 K
atlxo32.dll Wed 8 Jun 2005 16:40:38 ..... 84.642 82,66 K
bquwk.dll Sat 16 Jul 2005 3:22:38 A.... 66.560 65,00 K
browseui.dll Mon 2 May 2005 22:57:10 A.... 1.020.416 996,50 K
cdfview.dll Mon 2 May 2005 22:57:10 A.... 152.064 148,50 K
cdm.dll Thu 26 May 2005 4:16:24 A.... 75.544 73,77 K
cnmmo.dll Thu 23 Jun 2005 1:24:10 A.... 0 0,00 K
crnf32.dll Wed 13 Jul 2005 9:41:02 ..... 84.642 82,66 K
crok32.dll Tue 12 Jul 2005 13:14:00 ..... 84.642 82,66 K
crxg.dll Sat 25 Jun 2005 8:23:50 ..... 84.642 82,66 K
d3ef.dll Fri 1 Jul 2005 8:45:42 A.... 84.642 82,66 K
d3mv.dll Thu 23 Jun 2005 8:51:38 ..... 84.642 82,66 K
ddged.dll Fri 10 Jun 2005 23:10:28 A.... 0 0,00 K
fytvw.dll Mon 4 Jul 2005 10:35:56 A.... 0 0,00 K
gignh.dll Tue 28 Jun 2005 23:00:50 A.... 66.560 65,00 K
hhsetup.dll Fri 27 May 2005 4:08:06 A.... 41.472 40,50 K
icm32.dll Wed 29 Jun 2005 3:49:42 A.... 254.976 249,00 K
iebz32.dll Fri 15 Jul 2005 6:00:14 ..... 84.642 82,66 K
ielt.dll Wed 22 Jun 2005 15:20:16 A.... 84.642 82,66 K
iepeers.dll Mon 2 May 2005 22:57:10 A.... 250.880 245,00 K
ieqv32.dll Sun 3 Jul 2005 8:45:18 ..... 84.642 82,66 K
iern.dll Sun 19 Jun 2005 23:19:40 A.... 0 0,00 K
ieto32.dll Sat 2 Jul 2005 2:54:28 ..... 84.642 82,66 K
ietp32.dll Thu 30 Jun 2005 23:50:56 ..... 84.642 82,66 K
iets32.dll Thu 16 Jun 2005 15:15:16 ..... 84.642 82,66 K
iewe.dll Sun 19 Jun 2005 6:38:16 A.... 0 0,00 K
inseng.dll Mon 2 May 2005 22:57:12 A.... 96.768 94,50 K
ipkp.dll Wed 29 Jun 2005 8:32:34 ..... 84.642 82,66 K
ipow32.dll Wed 22 Jun 2005 14:03:58 ..... 84.642 82,66 K
ipvw.dll Mon 13 Jun 2005 16:18:54 A.... 0 0,00 K
ipwb32.dll Mon 20 Jun 2005 15:56:46 ..... 84.642 82,66 K
itircl.dll Fri 27 May 2005 4:08:06 A.... 155.136 151,50 K
itss.dll Fri 27 May 2005 4:08:06 A.... 137.216 134,00 K
iuengine.dll Thu 26 May 2005 4:16:24 A.... 198.424 193,77 K
javadf.dll Sun 10 Jul 2005 19:47:22 ..... 84.642 82,66 K
javahr32.dll Mon 27 Jun 2005 0:36:16 ..... 84.642 82,66 K
javaow.dll Tue 21 Jun 2005 13:20:20 ..... 84.642 82,66 K
javaxl.dll Sun 19 Jun 2005 2:58:58 ..... 84.642 82,66 K
javazw32.dll Thu 23 Jun 2005 18:13:14 ..... 84.642 82,66 K
kpqrc.dll Wed 15 Jun 2005 9:06:44 A.... 0 0,00 K
loplm.dll Sun 12 Jun 2005 13:38:58 A.... 0 0,00 K
ltanu.dll Sun 12 Jun 2005 18:55:08 A.... 0 0,00 K
mfcel.dll Tue 5 Jul 2005 12:53:38 ..... 84.642 82,66 K
mfcgy.dll Wed 6 Jul 2005 3:45:48 ..... 84.642 82,66 K
mfcpo.dll Sun 26 Jun 2005 7:16:18 ..... 84.642 82,66 K
mfcqi32.dll Tue 28 Jun 2005 5:23:30 ..... 84.642 82,66 K
mfczq32.dll Sat 9 Jul 2005 13:41:20 ..... 84.642 82,66 K
mscms.dll Wed 29 Jun 2005 3:49:42 A.... 74.240 72,50 K
msev32.dll Sun 19 Jun 2005 1:13:28 ..... 84.642 82,66 K
mshtml.dll Mon 2 May 2005 22:57:12 A.... 3.011.072 2,87 M
mshtmled.dll Mon 2 May 2005 22:57:12 A.... 448.512 438,00 K
msi.dll Wed 4 May 2005 14:45:32 A.... 2.890.240 2,75 M
msihnd.dll Wed 4 May 2005 14:45:36 A.... 271.360 265,00 K
msimsg.dll Wed 4 May 2005 14:45:36 A.... 884.736 864,00 K
msisip.dll Wed 4 May 2005 14:45:36 A.... 15.360 15,00 K
msrating.dll Mon 2 May 2005 22:57:12 A.... 146.432 143,00 K
msuj32.dll Tue 21 Jun 2005 22:22:40 ..... 84.642 82,66 K
msxo.dll Sat 25 Jun 2005 1:42:56 ..... 84.642 82,66 K
netdw32.dll Fri 1 Jul 2005 9:22:26 A.... 0 0,00 K
netej.dll Mon 4 Jul 2005 13:35:14 ..... 84.642 82,66 K
netld32.dll Mon 20 Jun 2005 21:19:48 ..... 84.642 82,66 K
netoi32.dll Sun 12 Jun 2005 11:34:08 ..... 84.642 82,66 K
ntaq32.dll Tue 28 Jun 2005 17:44:06 A.... 84.642 82,66 K
ntfj32.dll Tue 21 Jun 2005 20:26:18 ..... 84.642 82,66 K
ntgb32.dll Tue 14 Jun 2005 7:58:12 ..... 84.642 82,66 K
ntpb.dll Mon 20 Jun 2005 10:22:40 ..... 84.642 82,66 K
ntqd32.dll Thu 30 Jun 2005 13:17:20 A.... 0 0,00 K
nv4_disp.dll Thu 12 May 2005 0:34:00 A.... 3.879.808 3,70 M
nvcod.dll Thu 12 May 2005 0:34:00 A.... 32.768 32,00 K
nvcodins.dll Thu 12 May 2005 0:34:00 A.... 32.768 32,00 K
nvcpl.dll Thu 12 May 2005 0:34:00 A.... 6.729.728 6,42 M
nvhwvid.dll Thu 12 May 2005 0:34:00 A.... 540.672 528,00 K
nview.dll Thu 12 May 2005 0:34:00 A.... 1.462.272 1,39 M
nvmctray.dll Thu 12 May 2005 0:34:00 A.... 86.016 84,00 K
nvnt4cpl.dll Thu 12 May 2005 0:34:00 A.... 286.720 280,00 K
nvoglnt.dll Thu 12 May 2005 0:34:00 A.... 5.132.288 4,89 M
nvrsar.dll Thu 12 May 2005 0:34:00 A.... 315.392 308,00 K
nvrscs.dll Thu 12 May 2005 0:34:00 A.... 233.472 228,00 K
nvrsda.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K
nvrsde.dll Thu 12 May 2005 0:34:00 A.... 266.240 260,00 K
nvrsel.dll Thu 12 May 2005 0:34:00 A.... 270.336 264,00 K
nvrseng.dll Thu 12 May 2005 0:34:00 A.... 233.472 228,00 K
nvrses.dll Thu 12 May 2005 0:34:00 A.... 270.336 264,00 K
nvrsesm.dll Thu 12 May 2005 0:34:00 A.... 262.144 256,00 K
nvrsfi.dll Thu 12 May 2005 0:34:00 A.... 233.472 228,00 K
nvrsfr.dll Thu 12 May 2005 0:34:00 A.... 270.336 264,00 K
nvrshe.dll Thu 12 May 2005 0:34:00 A.... 311.296 304,00 K
nvrshu.dll Thu 12 May 2005 0:34:00 A.... 245.760 240,00 K
nvrsit.dll Thu 12 May 2005 0:34:00 A.... 266.240 260,00 K
nvrsja.dll Thu 12 May 2005 0:34:00 A.... 253.952 248,00 K
nvrsko.dll Thu 12 May 2005 0:34:00 A.... 249.856 244,00 K
nvrsnl.dll Thu 12 May 2005 0:34:00 A.... 262.144 256,00 K
nvrsno.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K
nvrspl.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K
nvrspt.dll Thu 12 May 2005 0:34:00 A.... 258.048 252,00 K
nvrsptb.dll Thu 12 May 2005 0:34:00 A.... 253.952 248,00 K
nvrsru.dll Thu 12 May 2005 0:34:00 A.... 258.048 252,00 K
nvrssk.dll Thu 12 May 2005 0:34:00 A.... 245.760 240,00 K
nvrssl.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K
nvrssv.dll Thu 12 May 2005 0:34:00 A.... 241.664 236,00 K
nvrstr.dll Thu 12 May 2005 0:34:00 A.... 245.760 240,00 K
nvrszhc.dll Thu 12 May 2005 0:34:00 A.... 212.992 208,00 K
nvrszht.dll Thu 12 May 2005 0:34:00 A.... 114.688 112,00 K
nvshell.dll Thu 12 May 2005 0:34:00 A.... 466.944 456,00 K
nvwddi.dll Thu 12 May 2005 0:34:00 A.... 81.920 80,00 K
nvwdmcpl.dll Thu 12 May 2005 0:34:00 A.... 1.662.976 1,59 M
nvwimg.dll Thu 12 May 2005 0:34:00 A.... 1.019.904 996,00 K
nvwrsar.dll Thu 12 May 2005 0:34:00 A.... 282.624 276,00 K
nvwrscs.dll Thu 12 May 2005 0:34:00 A.... 286.720 280,00 K
nvwrsda.dll Thu 12 May 2005 0:34:00 A.... 294.912 288,00 K
nvwrsde.dll Thu 12 May 2005 0:34:00 A.... 311.296 304,00 K
nvwrsel.dll Thu 12 May 2005 0:34:00 A.... 335.872 328,00 K
nvwrseng.dll Thu 12 May 2005 0:34:00 A.... 286.720 280,00 K
nvwrses.dll Thu 12 May 2005 0:34:00 A.... 335.872 328,00 K
nvwrsesm.dll Thu 12 May 2005 0:34:00 A.... 327.680 320,00 K
nvwrsfi.dll Thu 12 May 2005 0:34:00 A.... 303.104 296,00 K
nvwrsfr.dll Thu 12 May 2005 0:34:00 A.... 327.680 320,00 K
nvwrshe.dll Thu 12 May 2005 0:34:00 A.... 278.528 272,00 K
nvwrshu.dll Thu 12 May 2005 0:34:00 A.... 315.392 308,00 K
nvwrsit.dll Thu 12 May 2005 0:34:00 A.... 323.584 316,00 K
nvwrsja.dll Thu 12 May 2005 0:34:00 A.... 212.992 208,00 K
nvwrsko.dll Thu 12 May 2005 0:34:00 A.... 200.704 196,00 K
nvwrsnl.dll Thu 12 May 2005 0:34:00 A.... 319.488 312,00 K
nvwrsno.dll Thu 12 May 2005 0:34:00 A.... 299.008 292,00 K
nvwrspl.dll Thu 12 May 2005 0:34:00 A.... 294.912 288,00 K
nvwrspt.dll Thu 12 May 2005 0:34:00 A.... 323.584 316,00 K
nvwrsptb.dll Thu 12 May 2005 0:34:00 A.... 319.488 312,00 K
nvwrsru.dll Thu 12 May 2005 0:34:00 A.... 315.392 308,00 K
nvwrssk.dll Thu 12 May 2005 0:34:00 A.... 299.008 292,00 K
nvwrssl.dll Thu 12 May 2005 0:34:00 A.... 303.104 296,00 K
nvwrssv.dll Thu 12 May 2005 0:34:00 A.... 294.912 288,00 K
nvwrstr.dll Thu 12 May 2005 0:34:00 A.... 303.104 296,00 K
nvwrszhc.dll Thu 12 May 2005 0:34:00 A.... 167.936 164,00 K
nvwrszht.dll Thu 12 May 2005 0:34:00 A.... 172.032 168,00 K
oannm.dll Fri 24 Jun 2005 7:33:54 A.... 0 0,00 K
ofmyn.dll Sun 26 Jun 2005 22:19:34 A.... 66.560 65,00 K
pngfilt.dll Mon 2 May 2005 22:57:12 A.... 39.424 38,50 K
qohbs.dll Sat 16 Jul 2005 5:39:32 A.... 66.560 65,00 K
rqami.dll Tue 12 Jul 2005 10:32:06 A.... 66.560 65,00 K
s32evnt1.dll Fri 13 May 2005 19:50:10 A.... 91.856 89,70 K
sdkbw.dll Sat 25 Jun 2005 20:19:32 ..... 84.642 82,66 K
sdkik32.dll Wed 29 Jun 2005 7:18:54 ..... 84.642 82,66 K
sdkkg.dll Fri 17 Jun 2005 22:04:22 ..... 84.642 82,66 K
sdkkp32.dll Sat 25 Jun 2005 23:04:06 ..... 84.642 82,66 K
sdksf.dll Sat 25 Jun 2005 6:19:28 ..... 84.642 82,66 K
sdkyv.dll Sun 3 Jul 2005 20:48:14 ..... 84.642 82,66 K
sdkzj.dll Sat 25 Jun 2005 5:34:30 ..... 84.642 82,66 K
shdocvw.dll Mon 2 May 2005 22:57:12 A.... 1.484.288 1,41 M
shktj.dll Mon 4 Jul 2005 23:21:24 A.... 66.560 65,00 K
shlwapi.dll Mon 2 May 2005 22:57:12 A.... 474.112 463,00 K
syssi32.dll Fri 8 Jul 2005 15:29:32 ..... 84.642 82,66 K
sysyc32.dll Mon 11 Jul 2005 1:51:06 ..... 84.642 82,66 K
sysyl32.dll Thu 30 Jun 2005 12:21:06 ..... 84.642 82,66 K
tcyrn.dll Mon 27 Jun 2005 18:55:42 A.... 0 0,00 K
tfziw.dll Fri 15 Jul 2005 12:58:38 A.... 66.560 65,00 K
urlmon.dll Mon 2 May 2005 22:57:12 A.... 605.696 591,50 K
winhb32.dll Fri 17 Jun 2005 6:23:04 A.... 84.642 82,66 K
wininet.dll Mon 2 May 2005 22:57:12 A.... 662.016 646,50 K
winqx.dll Fri 1 Jul 2005 4:38:56 ..... 84.642 82,66 K
winuc.dll Mon 13 Jun 2005 10:54:06 ..... 84.642 82,66 K
wuapi.dll Thu 26 May 2005 4:16:30 A.... 467.224 456,27 K
wuaueng.dll Thu 26 May 2005 4:16:30 A.... 1.343.768 1,28 M
wuaueng1.dll Thu 26 May 2005 4:16:32 A.... 195.352 190,77 K
wucltui.dll Thu 26 May 2005 4:16:32 A.... 128.792 125,77 K
wups.dll Thu 26 May 2005 4:16:30 A.... 41.240 40,27 K
wups2.dll Thu 26 May 2005 4:16:30 A.... 18.200 17,77 K
wuweb.dll Thu 26 May 2005 4:16:30 A.... 173.536 169,47 K
xpsp3res.dll Tue 17 May 2005 2:42:14 ..... 16.896 16,50 K
zoouv.dll Wed 22 Jun 2005 6:39:56 A.... 66.560 65,00 K

182 items found: 182 files, 0 directories.
Total of file sizes: 57.470.696 bytes 54,80 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle BOOT
Le num‚ro de s‚rie du volume est 646C-6A9F

R‚pertoire de C:\WINDOWS\System32

02/07/2005 14:01 <REP> dllcache
25/06/2004 17:25 <REP> Microsoft
0 fichier(s) 0 octets
2 R‚p(s) 83.056.336.896 octets libres
0
Réponse 19 / 56
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 331
16 juil. 2005 à 19:42
non
relance l2mfix et cette fois clik sur l option 2 et donne le rapport
ensuite relance le fix smitfraud et fait l option 2 et donne aussi le rapport et refait un hijack
0
Réponse 20 / 56
dzadzou
16 juil. 2005 à 22:14
et de un:

L2Mfix 1.03a

Running From:
C:\Documents and Settings\dzazdou\Bureau\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\dzazdou\Bureau\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\dzazdou\Bureau\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1204 'explorer.exe'
Killing PID 1204 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (164 bytes security) (deflated 2%)
adding: echo.reg (164 bytes security) (deflated 9%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 70%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 71%)
adding: test.txt (164 bytes security) (stored 0%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

0

Discussions similaires

[DVD] différence entre une piste 2.0 et 5.1 ?
ROSE -
Lepitinicolas -

2 réponses
telecharger Opengl 2.0
KeN -
java0707 -

8 réponses
Où télécharger OpenGL SVP ?
Stephyfr -
YounessX3 -

68 réponses
problème de OpenGL 2.0
startime -
startime -

6 réponses