Here is the report (sorry for the delay)
L2mfix 051206
Creating Account.
La commande s'est termine correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINDOWS\system32
Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (580)
Killing 'winlogon.exe'
winlogon.exe (676)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (3076)
Killing 'rundll32.exe'
rundll32.exe "C:\WINDOWS\system32\cfbcatq.dll",DllGetVersion (1692)
rundll32.exe "C:\WINDOWS\system32\cdbjmon.dll",DllGetVersion (272)
"C:\WINDOWS\system32\RUNDLL32.EXE" w21a4daa.dll,n 0018c2490000000a21a4daa (3628)
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
1 fichier(s) copi(s).
Deleting: C:\WINDOWS\system32\cdbjmon.dll
Successfully Deleted: C:\WINDOWS\system32\cdbjmon.dll
Deleting: C:\WINDOWS\system32\cfbcatq.dll
Successfully Deleted: C:\WINDOWS\system32\cfbcatq.dll
Deleting: C:\WINDOWS\system32\jt6u07j9e.dll
Successfully Deleted: C:\WINDOWS\system32\jt6u07j9e.dll
Deleting: C:\WINDOWS\system32\l8l6li3s18.dll
Successfully Deleted: C:\WINDOWS\system32\l8l6li3s18.dll
Deleting: C:\WINDOWS\system32\wanmm.dll
Successfully Deleted: C:\WINDOWS\system32\wanmm.dll
Deleting: C:\WINDOWS\system32\wgn32spl.dll
Successfully Deleted: C:\WINDOWS\system32\wgn32spl.dll
Deleting: C:\WINDOWS\system32\wnnipsec.dll
Successfully Deleted: C:\WINDOWS\system32\wnnipsec.dll
Deleting: C:\WINDOWS\system32\wY2time.dll
Successfully Deleted: C:\WINDOWS\system32\wY2time.dll
msg11?.dll
0 fichier(s) copi(s).
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wanmm.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wY2time.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallNotifyShown"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cdbjmon.dll
C:\WINDOWS\system32\cfbcatq.dll
C:\WINDOWS\system32\jt6u07j9e.dll
C:\WINDOWS\system32\l8l6li3s18.dll
C:\WINDOWS\system32\wanmm.dll
C:\WINDOWS\system32\wgn32spl.dll
C:\WINDOWS\system32\wnnipsec.dll
C:\WINDOWS\system32\wY2time.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\maexch40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}\InprocServer32]
@="C:\\WINDOWS\\system32\\wY2time.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}\InprocServer32]
@="C:\\WINDOWS\\system32\\cdbjmon.dll"
"ThreadingModel"="Apartment"
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}"=-
"{D757A54D-604D-4FB3-851C-2C7F7AF265FB}"=-
"{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}"=-
"{1EF0A758-F959-4573-AF39-DD8D7A4101D7}"=-
"{00114F2D-F941-4850-BFDE-A871AC43F82C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0A0CBF10-E14C-4F6C-A059-A8B992A1227F}]
[-HKEY_CLASSES_ROOT\CLSID\{D757A54D-604D-4FB3-851C-2C7F7AF265FB}]
[-HKEY_CLASSES_ROOT\CLSID\{1FD86AAB-E279-4F55-90BB-7BA659D63AAA}]
[-HKEY_CLASSES_ROOT\CLSID\{1EF0A758-F959-4573-AF39-DD8D7A4101D7}]
[-HKEY_CLASSES_ROOT\CLSID\{00114F2D-F941-4850-BFDE-A871AC43F82C}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/cdbjmon.dll (164 bytes security) (deflated 4%)
adding: dlls/cfbcatq.dll (164 bytes security) (deflated 4%)
adding: dlls/jt6u07j9e.dll (164 bytes security) (deflated 5%)
adding: dlls/l8l6li3s18.dll (164 bytes security) (deflated 5%)
adding: dlls/wanmm.dll (164 bytes security) (deflated 4%)
adding: dlls/wgn32spl.dll (164 bytes security) (deflated 4%)
adding: dlls/wnnipsec.dll (164 bytes security) (deflated 4%)
adding: dlls/wY2time.dll (164 bytes security) (deflated 4%)
adding: backregs/00114F2D-F941-4850-BFDE-A871AC43F82C.reg (212 bytes security) (deflated 70%)
adding: backregs/1EF0A758-F959-4573-AF39-DD8D7A4101D7.reg (212 bytes security) (deflated 69%)
adding: backregs/1FD86AAB-E279-4F55-90BB-7BA659D63AAA.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 76%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)