IE windows popup: http://www.searc-h.com/normal/y [RESOLVED]



#1
Elodie

Hi,

I have had this problem for about one month now. When I am connected to the internet, a lot of IE windows open by themselves. :tazz:

Most of them have the URL http://www.searc-h.com/normal/yyy102.html, but the contents are adverts like Meetics, online casinos or others.

I installed a lot of software to try to remove this problem, but it is still here :) : SpyDoctor, Adware, TuneUp, RegisteryMechanic.... I have Symantec antivirus and ZoneAlarm Firewall installed.

I have seen several solutions on the forum recommending downloading LQFix (http://users.pandora...atchy/LQfix.zip), but the link does not work.

It seems that the more I try to solve the problem, the more windows I get. PLEASE HELP ME!!!! :)

Thanks a lot in advance
Elodie



Here below is my Hijack log:

************************
Logfile of HijackThis v1.99.1
Scan saved at 15:55:26, on 21/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\Dexxa Optical Mouse\scw64.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ultralingua\Ultralingua French-English\ultralingua.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Personnel\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://support.free.fr/proxu.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - Global Startup: Network Device Switch.lnk = C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127225458419
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINNT\system32\enj4l11q1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ET dll Locator (frepdll.exe) - Unknown owner - C:\WINNT\frepdll.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MailEnable List Connector (MELCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MESMTPC.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pivotal Active Notification - Pivotal Software Inc. - C:\Program Files\Pivotal\Relation\nserverc.exe
O23 - Service: Tmesrv2 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe" /Service (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe

*******************************************

Edited by Elodie, 27 August 2005 - 10:40 AM.



#2
miekiemoes

    Malware Expert

Hello,

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Also, it is really important you tell me if you get any errors while performing this. :-)

#3
Elodie

Thank you very much Miekiemoes for helping me!


Here below is the report:

******************
L2MFIX find log 1.04
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName"="C:\\WINNT\\system32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"
"Logoff"="NavLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\en0ol1d31.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{DC605352-0AEB-0FE3-B166-18A3A654ECEA}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E1683449-6FB5-49AE-9636-542E302D9746}"=""
"{2EF0D642-8081-49B6-A7CA-BCBF166B6EAC}"=""
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{F8E3350F-8F4B-4077-8E8A-ECB13345F130}"=""
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{60347437-A299-4682-9F58-B7068B4EB31E}"=""
"{55BC1752-E817-414D-B901-ED61E78F4945}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E1683449-6FB5-49AE-9636-542E302D9746}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1683449-6FB5-49AE-9636-542E302D9746}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1683449-6FB5-49AE-9636-542E302D9746}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E1683449-6FB5-49AE-9636-542E302D9746}\InprocServer32]
@="C:\\WINNT\\system32\\dktmsft.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F8E3350F-8F4B-4077-8E8A-ECB13345F130}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8E3350F-8F4B-4077-8E8A-ECB13345F130}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8E3350F-8F4B-4077-8E8A-ECB13345F130}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8E3350F-8F4B-4077-8E8A-ECB13345F130}\InprocServer32]
@="C:\\WINNT\\system32\\IE41_QC.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{55BC1752-E817-414D-B901-ED61E78F4945}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{55BC1752-E817-414D-B901-ED61E78F4945}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{55BC1752-E817-414D-B901-ED61E78F4945}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{55BC1752-E817-414D-B901-ED61E78F4945}\InprocServer32]
@="C:\\WINNT\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\

85 items found: 85 files (70 H/S), 0 directories.
Total of file sizes: 21 302 296 bytes 20,31 M
Locate .tmp files:

C:\WINNT\SYSTEM32\
e_s2cd.tmp Wed 21 Sep 2005 18:06:28 A.... 59 0,05 K

1 item found: 1 file, 0 directories.
Total of file sizes: 59 bytes 0,05 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 146C-17E5

Répertoire de C:\WINNT\System32

125 fichier(s) 28 896 420 octets
1 Rép(s) 2 398 191 616 octets libres
***********************************


Translation
As I installed the French version, some words are in French; please find the translation below:

Utilisateurs avec pouvoir => Power Users
Administrateurs => Administrators
CREATEUR PROPRIETAIRE => CREATOR OWNER
Le volume dans le lecteur C n'a pas de nom. => C drive does not have a volume name
Le numéro de série du volume est 146C-17E5 => Volume Serial number is 146C-17E5
Répertoire de => Directory of
125 fichier(s) 28 896 420 octets => 125 file(s) 28 896 420 bytes
1 Rép(s) 2 398 191 616 octets libres => 1 Directory 2 398 191 616 free bytes


Error Msg

I had the following error message (just after the ;{1,2,3,4,5,E}1)
The specified file is not found
The specified file is not found
Scanning please wait


Do not hesitate to tell me if you need more information.

Elodie

Edited by Elodie, 28 August 2005 - 04:55 AM.


#4
miekiemoes

    Malware Expert

Hi, yes, I do understand a bit of French, so that isn't a problem.
Ignore the error messages in the DOS window. The most important thing is other error messages that are not in the DOS window.

So now we can perform the next step.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

Extra note... after reboot and logging in, normally a screen will pop up and perform the rest of the fix and notepad opens automatically afterwards.
If that doesn't happen, you'll have to do it manually, so open your L2M folder, which is present on your desktop, and double-click second.bat.
Let it run and notepad (log.txt) will open then. Copy and paste the contents of it in your next reply with a new HijackThis log.

#5
Elodie

Great!

Here below is the log.txt :

/////////////////////////////////////////////////////////////////
L2Mfix 1.04

Running From:
C:\Documents and Settings\ebertot\Bureau\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\ebertot\Bureau\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\ebertot\Bureau\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1352 'explorer.exe'
Killing PID 1352 'explorer.exe'
Error 0x5 : Accès refusé.


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1448 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
deleting: C:\WINNT\system32\ampmgr.dll
Successfully Deleted: C:\WINNT\system32\ampmgr.dll
deleting: C:\WINNT\system32\azpmgr.dll
Successfully Deleted: C:\WINNT\system32\azpmgr.dll
deleting: C:\WINNT\system32\azthz.dll
Successfully Deleted: C:\WINNT\system32\azthz.dll
deleting: C:\WINNT\system32\BPTT.DLL
Successfully Deleted: C:\WINNT\system32\BPTT.DLL
deleting: C:\WINNT\system32\ceonts.dll
Successfully Deleted: C:\WINNT\system32\ceonts.dll
deleting: C:\WINNT\system32\cfrpol.dll
Successfully Deleted: C:\WINNT\system32\cfrpol.dll
deleting: C:\WINNT\system32\CFTDLL.DLL
Successfully Deleted: C:\WINNT\system32\CFTDLL.DLL
deleting: C:\WINNT\system32\CFYPTNET.DLL
Successfully Deleted: C:\WINNT\system32\CFYPTNET.DLL
deleting: C:\WINNT\system32\CLELLANG.DLL
Successfully Deleted: C:\WINNT\system32\CLELLANG.DLL
deleting: C:\WINNT\system32\cnmuid.dll
Successfully Deleted: C:\WINNT\system32\cnmuid.dll
deleting: C:\WINNT\system32\cprpol.dll
Successfully Deleted: C:\WINNT\system32\cprpol.dll
deleting: C:\WINNT\system32\CXNSOLE.DLL
Successfully Deleted: C:\WINNT\system32\CXNSOLE.DLL
deleting: C:\WINNT\system32\czbcatex.dll
Successfully Deleted: C:\WINNT\system32\czbcatex.dll
deleting: C:\WINNT\system32\dargsnap.dll
Successfully Deleted: C:\WINNT\system32\dargsnap.dll
deleting: C:\WINNT\system32\dcimg301.dll
Successfully Deleted: C:\WINNT\system32\dcimg301.dll
deleting: C:\WINNT\system32\DERAWEX.DLL
Successfully Deleted: C:\WINNT\system32\DERAWEX.DLL
deleting: C:\WINNT\system32\deus10.dll
Successfully Deleted: C:\WINNT\system32\deus10.dll
deleting: C:\WINNT\system32\dgmodemx.dll
Successfully Deleted: C:\WINNT\system32\dgmodemx.dll
deleting: C:\WINNT\system32\distyle.dll
Successfully Deleted: C:\WINNT\system32\distyle.dll
deleting: C:\WINNT\system32\dkactfrm.dll
Successfully Deleted: C:\WINNT\system32\dkactfrm.dll
deleting: C:\WINNT\system32\dktmsft.dll
Successfully Deleted: C:\WINNT\system32\dktmsft.dll
deleting: C:\WINNT\system32\DLCPCSVC.DLL
Successfully Deleted: C:\WINNT\system32\DLCPCSVC.DLL
deleting: C:\WINNT\system32\drdlgs.dll
Successfully Deleted: C:\WINNT\system32\drdlgs.dll
deleting: C:\WINNT\system32\DTRAWEX.DLL
Successfully Deleted: C:\WINNT\system32\DTRAWEX.DLL
deleting: C:\WINNT\system32\DUCPROP2.DLL
Successfully Deleted: C:\WINNT\system32\DUCPROP2.DLL
deleting: C:\WINNT\system32\dukquoui.dll
Successfully Deleted: C:\WINNT\system32\dukquoui.dll
deleting: C:\WINNT\system32\dwvx_xx07.dll
Successfully Deleted: C:\WINNT\system32\dwvx_xx07.dll
deleting: C:\WINNT\system32\eh.dll
Successfully Deleted: C:\WINNT\system32\eh.dll
deleting: C:\WINNT\system32\EISEC32.DLL
Successfully Deleted: C:\WINNT\system32\EISEC32.DLL
deleting: C:\WINNT\system32\FIXMAPI.DLL
Successfully Deleted: C:\WINNT\system32\FIXMAPI.DLL
deleting: C:\WINNT\system32\fppq0375e.dll
Successfully Deleted: C:\WINNT\system32\fppq0375e.dll
deleting: C:\WINNT\system32\fpr2039oe.dll
Successfully Deleted: C:\WINNT\system32\fpr2039oe.dll
deleting: C:\WINNT\system32\fpru0399e.dll
Successfully Deleted: C:\WINNT\system32\fpru0399e.dll
deleting: C:\WINNT\system32\FQIFS.DLL
Successfully Deleted: C:\WINNT\system32\FQIFS.DLL
deleting: C:\WINNT\system32\g0jo0a13ed.dll
Successfully Deleted: C:\WINNT\system32\g0jo0a13ed.dll
deleting: C:\WINNT\system32\gktext.dll
Successfully Deleted: C:\WINNT\system32\gktext.dll
deleting: C:\WINNT\system32\gplml3311.dll
Successfully Deleted: C:\WINNT\system32\gplml3311.dll
deleting: C:\WINNT\system32\h6n00g5me6.dll
Successfully Deleted: C:\WINNT\system32\h6n00g5me6.dll
deleting: C:\WINNT\system32\hr0m05d1e.dll
Successfully Deleted: C:\WINNT\system32\hr0m05d1e.dll
deleting: C:\WINNT\system32\hr6o05j3e.dll
Successfully Deleted: C:\WINNT\system32\hr6o05j3e.dll
deleting: C:\WINNT\system32\hrno0553e.dll
Successfully Deleted: C:\WINNT\system32\hrno0553e.dll
deleting: C:\WINNT\system32\hrp6057se.dll
Successfully Deleted: C:\WINNT\system32\hrp6057se.dll
deleting: C:\WINNT\system32\i0420ahoed4c0.dll
Successfully Deleted: C:\WINNT\system32\i0420ahoed4c0.dll
deleting: C:\WINNT\system32\i6nmlg5116.dll
Successfully Deleted: C:\WINNT\system32\i6nmlg5116.dll
deleting: C:\WINNT\system32\ibign32.dll
Successfully Deleted: C:\WINNT\system32\ibign32.dll
deleting: C:\WINNT\system32\IE41_QC.DLL
Successfully Deleted: C:\WINNT\system32\IE41_QC.DLL
deleting: C:\WINNT\system32\iFsperf.dll
Successfully Deleted: C:\WINNT\system32\iFsperf.dll
deleting: C:\WINNT\system32\iqnathlp.dll
Successfully Deleted: C:\WINNT\system32\iqnathlp.dll
deleting: C:\WINNT\system32\iqsetup.dll
Successfully Deleted: C:\WINNT\system32\iqsetup.dll
deleting: C:\WINNT\system32\ir22l5fo1.dll
Successfully Deleted: C:\WINNT\system32\ir22l5fo1.dll
deleting: C:\WINNT\system32\ITETCOMM.DLL
Successfully Deleted: C:\WINNT\system32\ITETCOMM.DLL
deleting: C:\WINNT\system32\JLIQ500.DLL
Successfully Deleted: C:\WINNT\system32\JLIQ500.DLL
deleting: C:\WINNT\system32\jlproxy.dll
Successfully Deleted: C:\WINNT\system32\jlproxy.dll
deleting: C:\WINNT\system32\JTMI500.DLL
Successfully Deleted: C:\WINNT\system32\JTMI500.DLL
deleting: C:\WINNT\system32\jtpu0779e.dll
Successfully Deleted: C:\WINNT\system32\jtpu0779e.dll
deleting: C:\WINNT\system32\KCDFR.DLL
Successfully Deleted: C:\WINNT\system32\KCDFR.DLL
deleting: C:\WINNT\system32\KMDMAC.DLL
Successfully Deleted: C:\WINNT\system32\KMDMAC.DLL
deleting: C:\WINNT\system32\KODFR.DLL
Successfully Deleted: C:\WINNT\system32\KODFR.DLL
deleting: C:\WINNT\system32\l28m0cl1efq.dll
Successfully Deleted: C:\WINNT\system32\l28m0cl1efq.dll
deleting: C:\WINNT\system32\l2p2lc7o1f.dll
Successfully Deleted: C:\WINNT\system32\l2p2lc7o1f.dll
deleting: C:\WINNT\system32\labmp60n.dll
Successfully Deleted: C:\WINNT\system32\labmp60n.dll
deleting: C:\WINNT\system32\LCASRV.DLL
Successfully Deleted: C:\WINNT\system32\LCASRV.DLL
deleting: C:\WINNT\system32\LIRMONUI.DLL
Successfully Deleted: C:\WINNT\system32\LIRMONUI.DLL
deleting: C:\WINNT\system32\lv8o09l3e.dll
Successfully Deleted: C:\WINNT\system32\lv8o09l3e.dll
deleting: C:\WINNT\system32\m428lefu1h28.dll
Successfully Deleted: C:\WINNT\system32\m428lefu1h28.dll
deleting: C:\WINNT\system32\m482lelo1hqc.dll
Successfully Deleted: C:\WINNT\system32\m482lelo1hqc.dll
deleting: C:\WINNT\system32\m4nq0e55eh.dll
Successfully Deleted: C:\WINNT\system32\m4nq0e55eh.dll
deleting: C:\WINNT\system32\MBCANS32.DLL
Successfully Deleted: C:\WINNT\system32\MBCANS32.DLL
deleting: C:\WINNT\system32\MCCANS32.DLL
Successfully Deleted: C:\WINNT\system32\MCCANS32.DLL
deleting: C:\WINNT\system32\MFSIP32.DLL
Successfully Deleted: C:\WINNT\system32\MFSIP32.DLL
deleting: C:\WINNT\system32\MGC42LOC.DLL
Successfully Deleted: C:\WINNT\system32\MGC42LOC.DLL
deleting: C:\WINNT\system32\MGVCP50.DLL
Successfully Deleted: C:\WINNT\system32\MGVCP50.DLL
deleting: C:\WINNT\system32\MISYSTEM.DLL
Successfully Deleted: C:\WINNT\system32\MISYSTEM.DLL
deleting: C:\WINNT\system32\mjxoci.dll
Successfully Deleted: C:\WINNT\system32\mjxoci.dll
deleting: C:\WINNT\system32\mkencode.dll
Successfully Deleted: C:\WINNT\system32\mkencode.dll
deleting: C:\WINNT\system32\mlc42.dll
Successfully Deleted: C:\WINNT\system32\mlc42.dll
deleting: C:\WINNT\system32\MML_HP.DLL
Successfully Deleted: C:\WINNT\system32\MML_HP.DLL
deleting: C:\WINNT\system32\MPIWAVE.DLL
Successfully Deleted: C:\WINNT\system32\MPIWAVE.DLL
deleting: C:\WINNT\system32\mpltus40.dll
Successfully Deleted: C:\WINNT\system32\mpltus40.dll
deleting: C:\WINNT\system32\mpxclu.dll
Successfully Deleted: C:\WINNT\system32\mpxclu.dll
deleting: C:\WINNT\system32\mrdxmlc.dll
Successfully Deleted: C:\WINNT\system32\mrdxmlc.dll
deleting: C:\WINNT\system32\mv40l9hm1.dll
Successfully Deleted: C:\WINNT\system32\mv40l9hm1.dll
deleting: C:\WINNT\system32\mwwebdvd.dll
Successfully Deleted: C:\WINNT\system32\mwwebdvd.dll
deleting: C:\WINNT\system32\myiqtz32.dll
Successfully Deleted: C:\WINNT\system32\myiqtz32.dll
deleting: C:\WINNT\system32\MZV1_0.DLL
Successfully Deleted: C:\WINNT\system32\MZV1_0.DLL
deleting: C:\WINNT\system32\nsdsa.dll
Successfully Deleted: C:\WINNT\system32\nsdsa.dll
deleting: C:\WINNT\system32\nsmsdba.dll
Successfully Deleted: C:\WINNT\system32\nsmsdba.dll
deleting: C:\WINNT\system32\NXMSEVT.DLL
Successfully Deleted: C:\WINNT\system32\NXMSEVT.DLL
deleting: C:\WINNT\system32\o0pq0a75ed.dll
Successfully Deleted: C:\WINNT\system32\o0pq0a75ed.dll
deleting: C:\WINNT\system32\ob30.dll
Successfully Deleted: C:\WINNT\system32\ob30.dll
deleting: C:\WINNT\system32\ODE32.DLL
Successfully Deleted: C:\WINNT\system32\ODE32.DLL
deleting: C:\WINNT\system32\of30.dll
Successfully Deleted: C:\WINNT\system32\of30.dll
deleting: C:\WINNT\system32\OGE32.DLL
Successfully Deleted: C:\WINNT\system32\OGE32.DLL
deleting: C:\WINNT\system32\ojecli32.dll
Successfully Deleted: C:\WINNT\system32\ojecli32.dll
deleting: C:\WINNT\system32\OQTWA400.DLL
Successfully Deleted: C:\WINNT\system32\OQTWA400.DLL
deleting: C:\WINNT\system32\orcache.dll
Successfully Deleted: C:\WINNT\system32\orcache.dll
deleting: C:\WINNT\system32\org.dll
Successfully Deleted: C:\WINNT\system32\org.dll
deleting: C:\WINNT\system32\OSE32.DLL
Successfully Deleted: C:\WINNT\system32\OSE32.DLL
deleting: C:\WINNT\system32\p46s0ej7eho.dll
Successfully Deleted: C:\WINNT\system32\p46s0ej7eho.dll
deleting: C:\WINNT\system32\p66s0gj7e6o.dll
Successfully Deleted: C:\WINNT\system32\p66s0gj7e6o.dll
deleting: C:\WINNT\system32\pgcrt.dll
Successfully Deleted: C:\WINNT\system32\pgcrt.dll
deleting: C:\WINNT\system32\pP6s0ej7eho.dll
Successfully Deleted: C:\WINNT\system32\pP6s0ej7eho.dll
deleting: C:\WINNT\system32\r0r60a9sed.dll
Successfully Deleted: C:\WINNT\system32\r0r60a9sed.dll
deleting: C:\WINNT\system32\RBELM.dll
Successfully Deleted: C:\WINNT\system32\RBELM.dll
deleting: C:\WINNT\system32\RCCRES.dll
Successfully Deleted: C:\WINNT\system32\RCCRES.dll
deleting: C:\WINNT\system32\RESMXS.DLL
Successfully Deleted: C:\WINNT\system32\RESMXS.DLL
deleting: C:\WINNT\system32\ricrt4.dll
Successfully Deleted: C:\WINNT\system32\ricrt4.dll
deleting: C:\WINNT\system32\Rkboex32.dll
Successfully Deleted: C:\WINNT\system32\Rkboex32.dll
deleting: C:\WINNT\system32\RVSDLG.DLL
Successfully Deleted: C:\WINNT\system32\RVSDLG.DLL
deleting: C:\WINNT\system32\SDLWAPI.DLL
Successfully Deleted: C:\WINNT\system32\SDLWAPI.DLL
deleting: C:\WINNT\system32\shns.dll
Successfully Deleted: C:\WINNT\system32\shns.dll
deleting: C:\WINNT\system32\svvsvc.dll
Successfully Deleted: C:\WINNT\system32\svvsvc.dll
deleting: C:\WINNT\system32\SwOrder.dll
Successfully Deleted: C:\WINNT\system32\SwOrder.dll
deleting: C:\WINNT\system32\SxOrder.dll
Successfully Deleted: C:\WINNT\system32\SxOrder.dll
deleting: C:\WINNT\system32\szofr.dll
Successfully Deleted: C:\WINNT\system32\szofr.dll
deleting: C:\WINNT\system32\TAFLOG.DLL
Successfully Deleted: C:\WINNT\system32\TAFLOG.DLL
deleting: C:\WINNT\system32\TSIDXP.DLL
Successfully Deleted: C:\WINNT\system32\TSIDXP.DLL
deleting: C:\WINNT\system32\tVpisrv.dll
Successfully Deleted: C:\WINNT\system32\tVpisrv.dll
deleting: C:\WINNT\system32\wahfr.dll
Successfully Deleted: C:\WINNT\system32\wahfr.dll
deleting: C:\WINNT\system32\wnpcd.dll
Successfully Deleted: C:\WINNT\system32\wnpcd.dll
deleting: C:\WINNT\system32\wthfr.dll
Successfully Deleted: C:\WINNT\system32\wthfr.dll
deleting: C:\WINNT\system32\wvnhttp.dll
Successfully Deleted: C:\WINNT\system32\wvnhttp.dll
deleting: C:\WINNT\system32\WZNSTRM.DLL
Successfully Deleted: C:\WINNT\system32\WZNSTRM.DLL
deleting: C:\WINNT\system32\xsob2res.dll
Successfully Deleted: C:\WINNT\system32\xsob2res.dll
deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp

Desktop.ini sucessfully removed


Zipping up files for submission:
adding: echo.reg (deflated 9%)
adding: clear.reg (deflated 58%)
adding: desktop.ini (stored 0%)
adding: readme.txt (deflated 52%)
adding: direct.txt (stored 0%)
adding: report.txt (deflated 72%)
adding: lo2.txt (deflated 88%)
adding: test2.txt (deflated 39%)
adding: test3.txt (deflated 39%)
adding: test5.txt (deflated 39%)
adding: test.txt (deflated 84%)
adding: xfind.txt (deflated 78%)
adding: backregs/notibac.reg (deflated 77%)
adding: backregs/shell.reg (deflated 59%)
adding: backregs/E1683449-6FB5-49AE-9636-542E302D9746.reg (deflated 70%)
adding: backregs/F8E3350F-8F4B-4077-8E8A-ECB13345F130.reg (deflated 70%)
adding: backregs/55BC1752-E817-414D-B901-ED61E78F4945.reg (deflated 70%)
adding: backregs/69DE18C4-0B0E-420C-B944-40EBB3824F32.reg (deflated 70%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1789

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName"="C:\\WINNT\\system32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"
"Logoff"="NavLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E1683449-6FB5-49AE-9636-542E302D9746}"=-
"{2EF0D642-8081-49B6-A7CA-BCBF166B6EAC}"=-
"{F8E3350F-8F4B-4077-8E8A-ECB13345F130}"=-
"{60347437-A299-4682-9F58-B7068B4EB31E}"=-
"{55BC1752-E817-414D-B901-ED61E78F4945}"=-
"{69DE18C4-0B0E-420C-B944-40EBB3824F32}"=-
[-HKEY_CLASSES_ROOT\CLSID\{E1683449-6FB5-49AE-9636-542E302D9746}]
[-HKEY_CLASSES_ROOT\CLSID\{2EF0D642-8081-49B6-A7CA-BCBF166B6EAC}]
[-HKEY_CLASSES_ROOT\CLSID\{F8E3350F-8F4B-4077-8E8A-ECB13345F130}]
[-HKEY_CLASSES_ROOT\CLSID\{60347437-A299-4682-9F58-B7068B4EB31E}]
[-HKEY_CLASSES_ROOT\CLSID\{55BC1752-E817-414D-B901-ED61E78F4945}]
[-HKEY_CLASSES_ROOT\CLSID\{69DE18C4-0B0E-420C-B944-40EBB3824F32}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************

/////////////////////////////////////////////////////////////////


Here below is HijackThis.log

Logfile of HijackThis v1.99.1
Scan saved at 19:59:16, on 22/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\Dexxa Optical Mouse\scw64.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Personnel\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://support.free.fr/proxu.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [EPSON Stylus CX3200] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_S2CD.tmp"
O4 - Global Startup: Network Device Switch.lnk = C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com&
  • 0

#6
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

It seems like your hijackthislog cut off in the middle, so can you post a new hijackthislog please? :tazz:
  • 0

#7
Elodie

    Member

  • Topic Starter
  • Member
  • 11 posts
Ooops yes I think the message was too long.

Logfile of HijackThis v1.99.1
Scan saved at 20:32:57, on 22/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\Dexxa Optical Mouse\scw64.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Personnel\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://support.free.fr/proxu.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [EPSON Stylus CX3200] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_S2CD.tmp"
O4 - Global Startup: Network Device Switch.lnk = C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127225458419
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: ET dll Locator (frepdll.exe) - Unknown owner - C:\WINNT\frepdll.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MailEnable List Connector (MELCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MESMTPC.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pivotal Active Notification - Pivotal Software Inc. - C:\Program Files\Pivotal\Relation\nserverc.exe
O23 - Service: Tmesrv2 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe" /Service (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe



Elodie
  • 0

#8
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Ok, let's fix the rest now..

Please download LSPfix and save it to the Desktop and unzip it.

Run LSPfix and place a check against the I know what I am doing checkbox.

Highlight every instance of apptoport.dll and move it from the Keep to the Remove panel. Be sure to move nothing other than apptoport.dll, otherwise you'll lose your internet connection!

When done, click on Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!

*Go to start >run and type: services.msc and click OK
Scroll down in that list until you find the service ET dll Locator
Double-click on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.
Click apply and OK and close all open windows.

Reboot and post a new hijackthislog. :tazz:
  • 0
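The two log entries the steps above act on (the O10 broken-LSP line and the O23 service marked "file missing"), picked out of a HijackThis log in an added Python example that is not part of the original posts. The sample lines are copied from the log posted in this thread; the finding labels and the cross-check against the running-process list are assumptions of this example, not HijackThis output.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\services.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ET dll Locator (frepdll.exe) - Unknown owner - C:\WINNT\frepdll.exe (file missing)
O23 - Service: Tmesrv2 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
"""

O10_PREFIX = "O10 - Broken Internet access because of LSP provider"
O10_BROKEN = re.compile(re.escape(O10_PREFIX) + r" '(?P<dll>.+)' missing$")
O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:          # the block ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def image_path(command_line):
    """Reduce a service command line to its executable path (lower-cased)."""
    cleaned = command_line.replace('"', "")
    match = re.match(r"(?i)(.+?\.exe)\b", cleaned)
    return (match.group(1) if match else cleaned).strip().lower()


def triage(log):
    """Return (label, name, detail) tuples for the entries that need attention."""
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith(O10_PREFIX):
            match = O10_BROKEN.match(line)
            if match:
                # The Winsock chain still references a DLL that is gone.
                dll = match["dll"]
                findings.append(("broken-lsp", ntpath.basename(dll), dll))
            else:
                # The log was cut off mid-line: ask for a fresh one.
                findings.append(("truncated-entry", "O10", line))
        elif line.startswith(O23_PREFIX) and line.endswith(MISSING):
            body = line[len(O23_PREFIX):-len(MISSING)]
            parts = body.rsplit(" - ", 2)   # name, owner, command line
            if len(parts) != 3:
                continue
            name, _owner, command_line = parts
            # Assumption of this example: if the executable is in the
            # running-process list, the "file missing" flag comes from the
            # stray quote or arguments in the path, not from a missing file.
            if image_path(command_line) in procs:
                label = "missing-but-running"
            else:
                label = "orphaned-service"
            findings.append((label, name, command_line))
    return findings


if __name__ == "__main__":
    for label, name, detail in triage(SAMPLE_LOG):
        print(f"{label:20} {name:30} {detail}")
```
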

#9
Elodie

    Member

  • Topic Starter
  • Member
  • 11 posts
Here is the new HijackThis.log


Logfile of HijackThis v1.99.1
Scan saved at 22:21:17, on 22/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\TPWRTRAY.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\Dexxa Optical Mouse\scw64.exe
C:\Program Files\eMule\emule.exe
C:\Personnel\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://support.free.fr/proxu.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME2\TMESRV2.EXE /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [EPSON Stylus CX3200] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_S2CD.tmp"
O4 - Global Startup: Network Device Switch.lnk = C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127225458419
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nice.steria.fr
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A7E6F95-F2B0-408E-BBEB-EE8B6536BE62}: NameServer = 10.50.201.53,10.2.0.2,10.1.0.50
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MailEnable List Connector (MELCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MELSC.EXE
O23 - Service: MailEnable Mail Transfer Agent (MEMTAS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEMTA.EXE
O23 - Service: MailEnable Postoffice Connector (MEPOCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEPOC.EXE
O23 - Service: MailEnable POP Service (MEPOPS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MEPOPS.EXE
O23 - Service: MailEnable SMTP Connector (MESMTPCS) - Unknown owner - C:\Program Files\Mail Enable\BIN\MESMTPC.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pivotal Active Notification - Pivotal Software Inc. - C:\Program Files\Pivotal\Relation\nserverc.exe
O23 - Service: Tmesrv2 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME2\Tmesrv2.exe" /Service (file missing)
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
  • 0

#10
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi, did something go wrong with LSPfix?
Because that O10 entry is still present in your hijackthislog.
Is bulletproof bps spyware & adware remover still present on your system? If so, uninstall it via add/remove, because this is a so-called spyware remover that has/had a bad reputation. Also look in my signature for more info about it (Click here and you'll find out which scanners NOT to install!! )
  • 0


#11
Elodie

    Member

  • Topic Starter
  • Member
  • 11 posts
I do not have spyware & adware remover installed on my computer.

I do not have any 'c:\program files\bulletproofsoft.com\' repository either.

I cleaned my registry and programs with TuneUp, Cleaner and RegistryMechanic. But the O10 is still in the hijackthislog.

I am in the office today. Tonight at home, I will try to find which program uses "apptoport.dll".

Cheers

Elodie
  • 0

#12
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi Elodie,

Well, it's clearly in here that c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll was on your system before, because it's in your O10 in hijackthis. But it seems like it is missing, so it's not there anymore.

Can you please perform this step again?
Because that's the way to solve it:

Please download LSPfix and save it to the Desktop and unzip it.

Run LSPfix and place a check against the I know what I am doing checkbox.

Highlight every instance of apptoport.dll and move it from the Keep to the Remove panel. Be sure to move nothing other than apptoport.dll, otherwise you'll lose your internet connection!

When done, click on Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!


REBOOT and post a new hijackthislog.
  • 0

#13
Elodie

    Member

  • Topic Starter
  • Member
  • 11 posts
How stupid I am, I was disturbed and I did exactly the opposite of what you told me…. :tazz: (see attached file)

I tried to recover using the information in lspfix.txt, but
http://support.earth...3/5289.psc.html is for Windows 9x and I have Windows 2000.
I now have to find my Win2000 CD to repair that. :)

Do I have another solution? :)

Edited by Elodie, 30 August 2005 - 07:58 AM.

  • 0

#14
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Oh boy.. well that can happen.

We can restore this..

Are you posting from another computer now?
If so, please download WinsockFix

Transfer winsockfix to your other computer.
Unzip it and place it on your desktop.
Start Winsockfix.exe
Then click FIX
Your system will reboot.

That will restore your winsock, because you broke it before, fixing the wrong files.

Edited by miekiemoes, 30 August 2005 - 08:26 AM.

  • 0

#15
Elodie

    Member

  • Topic Starter
  • Member
  • 11 posts
Yes I am connected from work :tazz:


Great! It seems to work. I will check my internet connection tonight at home.

Let's wait and see; I will keep you informed.
In the meantime I want to thank you for your very fast and very efficient help :) Your explanations are very clear (if stupid people do the opposite it is not your fault :) )

Cheers

Elodie
  • 0





