Pb de fenêtre intempestive [résolu]

coche ses lignes en mode sans echec

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about :blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [3xC0WAC3K] C:\WINDOWS\igjiu.exe
O4 - HKLM\..\Run: [Windows Update 63] shupd64.exe
O4 - HKCU\..\RunOnce: [Windows Update 63] shupd64.exe
O4 - HKCU\..\Run: [Windows Update 63] shupd64.exe
O4 - HKCU\..\RunOnce: [Windows Update 63] shupd64.exe
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll

assure toi d avoir acces au fichier cacher pour ce faire

demarrer/poste de travail/outils./option des dossier/affichage/cocher les fichier cacher

supprime ses fichiers

C:\WINDOWS\igjiu.exe
shupd64.exe
shupd64.exe
shupd64.exe
shupd64.exe

C:\WINDOWS\SYSTEM32\tcpG4T.dll

redemare et reposte un log

c'est fait mais encore des fenêtres intempestives

Logfile of HijackThis v1.99.1
Scan saved at 13:26:08, on 26/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\WIN\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O20 - Winlogon Notify: mcfG7A - mcfG7A.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\o666lgjs16o6.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Windows Update 63 (ntupd64) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe" -netsvcs (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: System optimizer (SystemOptimizer) - Unknown owner - C:\WINDOWS\System\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

fixe ses lignes

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O20 - Winlogon Notify: mcfG7A - mcfG7A.dll (file missing)
O23 - Service: Windows Update 63 (ntupd64) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe" -netsvcs (file missing)

supprime ses fichier

C:\WINDOWS\System32\shupd64.exe"
C:\WINDOWS\System32\sw24.exe
C:\WINDOWS\System32\sw20.exe

redemare et reposte un log

OK c'est fait voici nouveau rapport

Logfile of HijackThis v1.99.1
Scan saved at 15:26:22, on 26/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\WIN\Bureau\HijackThis.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\wbem\unsecapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dnp0017me.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Windows Update 63 (ntupd64) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe" -netsvcs (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: System optimizer (SystemOptimizer) - Unknown owner - C:\WINDOWS\System\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

coche sa

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dnp0017me.dll
O23 - Service: Windows Update 63 (ntupd64) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe" -netsvcs (file missing)

supprime ses fichier
C:\WINDOWS\system32\dnp0017me.dll
C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe"

redemarre et reposte un log

coche sa

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dnp0017me.dll
O23 - Service: Windows Update 63 (ntupd64) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe" -netsvcs (file missing)

supprime ses fichier
C:\WINDOWS\system32\dnp0017me.dll
C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe"

redemarre et reposte un log

Logfile of HijackThis v1.99.1
Scan saved at 15:56:21, on 26/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\WIN\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\dn2o01f3e.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Windows Update 63 (ntupd64) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe" -netsvcs (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: System optimizer (SystemOptimizer) - Unknown owner - C:\WINDOWS\System\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

un resiste celui la
O23 - Service: Windows Update 63 (ntupd64) - Unknown owner - C:\WINDOWS\System32\C:\WINDOWS\System32\shupd64.exe" -netsvcs (file missing)

va dans le service et arrete Windows Update 63

supprime aussi

C:\WINDOWS\System32\shupd64.exe"

sinom a tu encore des probleme?

Comment faire pour aller dans le service et l'arréter ?
Sinon je ne peux jamais supprimer shupd64 car je ne le trouve pas !

Comment faire pour aller dans le service et l'arréter ?
Sinon je ne peux jamais supprimer shupd64 car je ne le trouve pas !

Bonjour,

Pour supprimer ces services, essaie ceci :
Démarrer/Exécuter/ tape sc delete ntupd64 puis Entrée
puis
Démarrer/Exécuter/ tape sc delete SystemOptimizer puis Entrée

EDIT: fais ce q a dis esteban que je salue au passage

;-)

Bonjour alessio ;-)

Merci à tous les 2 j'ai fais ce que m'a dit esteban
mais j'ai toujours des fenêtres intempestives :-(

Tu as une infection de type VX2.Look2Me très coriace (ligne O20)

Le prog L2Mfix permet généralement de l'éradiquer.

1/ Télécharge l2mfix.exe
Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install

2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.

3/ Ensuite ferme tous les programmes parce qu'il va y avoir reboot automatique
Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat
Enfin poste ce 2ème rapport avec un nouveau rapport HJT.

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn2o01f3e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E481F176-7C1B-BCC1-8661-D8EEA2FD4B0B}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Dossier de t‚l‚chargement Share-to-Web "
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{0DA785BF-7FB9-4327-B850-AD14904649AD}"=""
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8"
"{2EFB3943-212E-4FDD-B29B-758835915F6C}"=""
"{0574B8ED-AA01-42D9-B7F6-96BB3A1DD374}"=""
"{F9234F31-F674-4683-A26F-58EB5504E812}"=""
"{1D175BFC-D7B0-4800-AD19-98AC60A28499}"=""
"{9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9}"=""
"{A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8}"=""
"{06349003-1274-47C6-8FA1-B86AFB2DF3AA}"=""
"{C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2}"=""
"{6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2EFB3943-212E-4FDD-B29B-758835915F6C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EFB3943-212E-4FDD-B29B-758835915F6C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EFB3943-212E-4FDD-B29B-758835915F6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2EFB3943-212E-4FDD-B29B-758835915F6C}\InprocServer32]
@="C:\\WINDOWS\\system32\\aiptif.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0574B8ED-AA01-42D9-B7F6-96BB3A1DD374}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0574B8ED-AA01-42D9-B7F6-96BB3A1DD374}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0574B8ED-AA01-42D9-B7F6-96BB3A1DD374}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0574B8ED-AA01-42D9-B7F6-96BB3A1DD374}\InprocServer32]
@="C:\\WINDOWS\\system32\\irhlpapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F9234F31-F674-4683-A26F-58EB5504E812}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9234F31-F674-4683-A26F-58EB5504E812}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9234F31-F674-4683-A26F-58EB5504E812}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9234F31-F674-4683-A26F-58EB5504E812}\InprocServer32]
@="C:\\WINDOWS\\system32\\nxwrsfi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D175BFC-D7B0-4800-AD19-98AC60A28499}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D175BFC-D7B0-4800-AD19-98AC60A28499}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D175BFC-D7B0-4800-AD19-98AC60A28499}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D175BFC-D7B0-4800-AD19-98AC60A28499}\InprocServer32]
@="C:\\WINDOWS\\system32\\sincui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9}\InprocServer32]
@="C:\\WINDOWS\\system32\\dccpsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\sznceng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{06349003-1274-47C6-8FA1-B86AFB2DF3AA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06349003-1274-47C6-8FA1-B86AFB2DF3AA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06349003-1274-47C6-8FA1-B86AFB2DF3AA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06349003-1274-47C6-8FA1-B86AFB2DF3AA}\InprocServer32]
@="C:\\WINDOWS\\system32\\wisapi32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2}\InprocServer32]
@="C:\\WINDOWS\\system32\\nhwrsel.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85}\InprocServer32]
@="C:\\WINDOWS\\system32\\txpelib.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aiptif.dll Fri 21 Oct 2005 19:07:16 ..S.R 234 663 229,16 K
dccpsapi.dll Fri 21 Oct 2005 21:43:30 ..S.R 234 165 228,68 K
dn2o01~1.dll Wed 26 Oct 2005 15:49:04 ..S.R 235 664 230,14 K
imxrip.dll Wed 26 Oct 2005 10:53:02 ..S.R 233 854 228,37 K
ir4ml5~1.dll Wed 26 Oct 2005 15:53:00 ..S.R 236 809 231,26 K
irhlpapi.dll Fri 21 Oct 2005 19:21:40 ..S.R 236 225 230,69 K
irn0l5~1.dll Sat 22 Oct 2005 9:52:20 ..S.R 234 165 228,68 K
j0l4la~1.dll Tue 25 Oct 2005 20:18:12 ..S.R 235 284 229,77 K
jt6o07~1.dll Fri 21 Oct 2005 19:07:20 ..S.R 235 677 230,15 K
mkcbase.dll Wed 26 Oct 2005 10:34:38 ..S.R 233 854 228,37 K
n6p40g~1.dll Sat 22 Oct 2005 15:39:30 ..... 234 241 228,75 K
nhwrsel.dll Sat 22 Oct 2005 16:01:08 ..S.R 234 241 228,75 K
nxwrsfi.dll Fri 21 Oct 2005 20:08:24 ..S.R 236 225 230,69 K
oueacc.dll Wed 26 Oct 2005 15:26:04 ..S.R 233 854 228,37 K
q4ps0e~1.dll Tue 25 Oct 2005 19:51:12 ..S.R 234 628 229,13 K
sbnsapi.dll Fri 21 Oct 2005 19:50:22 ..S.R 236 225 230,69 K
sdrialui.dll Wed 26 Oct 2005 13:05:12 ..S.R 233 854 228,37 K
sincui.dll Fri 21 Oct 2005 20:57:14 ..S.R 236 225 230,69 K
sockspy.dll Fri 21 Oct 2005 19:17:08 A.... 73 728 72,00 K
sznceng.dll Sat 22 Oct 2005 14:44:30 ..S.R 234 241 228,75 K
txpelib.dll Wed 26 Oct 2005 15:53:00 ..S.R 235 664 230,14 K
wbpui.dll Tue 25 Oct 2005 17:35:28 ..S.R 236 551 231,00 K
wisapi32.dll Sat 22 Oct 2005 15:49:20 ..S.R 234 241 228,75 K

23 items found: 23 files (21 H/S), 0 directories.
Total of file sizes: 5 244 278 bytes 5,00 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 2CFD-1B9C

R‚pertoire de C:\WINDOWS\System32

26/10/2005 15:52 235ÿ664 txpelib.dll
26/10/2005 15:52 236ÿ809 ir4ml5h11.dll
26/10/2005 15:49 235ÿ664 dn2o01f3e.dll
26/10/2005 15:26 233ÿ854 oueacc.dll
26/10/2005 13:05 233ÿ854 sdrialui.dll
26/10/2005 10:53 233ÿ854 imxrip.dll
26/10/2005 10:34 233ÿ854 mkcbase.dll
25/10/2005 20:18 235ÿ284 j0l4la3q1d.dll
25/10/2005 19:51 234ÿ628 q4ps0e77eh.dll
25/10/2005 17:35 236ÿ551 wbpui.dll
22/10/2005 16:01 234ÿ241 nhwrsel.dll
22/10/2005 15:49 234ÿ241 wisapi32.dll
22/10/2005 14:44 234ÿ241 sznceng.dll
22/10/2005 09:52 234ÿ165 irn0l55m1.dll
21/10/2005 21:43 234ÿ165 dccpsapi.dll
21/10/2005 20:57 236ÿ225 sincui.dll
21/10/2005 20:33 <REP> dllcache
21/10/2005 20:08 236ÿ225 nxwrsfi.dll
21/10/2005 19:50 236ÿ225 sbnsapi.dll
21/10/2005 19:21 236ÿ225 irhlpapi.dll
21/10/2005 19:07 235ÿ677 jt6o07j3e.dll
21/10/2005 19:07 234ÿ663 aiptif.dll
06/10/2005 19:02 <REP> Microsoft
24/04/2003 14:00 569ÿ344 oleaut32.dll
24/04/2003 14:00 401ÿ462 msvcp60.dll
24/04/2003 14:00 50ÿ688 msvcirt.dll
24/04/2003 14:00 106ÿ496 olepro32.dll
24/04/2003 14:00 995ÿ383 mfc42.dll
24/04/2003 14:00 323ÿ072 msvcrt.dll
24/04/2003 14:00 10ÿ240 regsvr32.exe
28 fichier(s) 7ÿ392ÿ994 octets
2 R‚p(s) 106ÿ462ÿ240ÿ768 octets libres

2ème rapport avec second.bat
L2Mfix 1.04a

Running From:
C:\Documents and Settings\WIN\Bureau\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting up for Reboot


Starting Reboot!

Setting Directory
C:\Documents and Settings\WIN\Bureau\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\WIN\Bureau\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1632 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1872 'rundll32.exe'
Killing PID 1980 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\aiptif.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\dccpsapi.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\imxrip.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\irhlpapi.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\irn0l55m1.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\j0l4la3q1d.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\jt6o07j3e.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\l6j8lg1u16.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\mkcbase.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\n6p40g7qe6.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nhwrsel.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nktcfgx.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nxwrsfi.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\oueacc.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\q4ps0e77eh.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\sbnsapi.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\sdrialui.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\sincui.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\sznceng.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wbpui.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\wisapi32.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: C:\WINDOWS\system32\aiptif.dll
Successfully Deleted: C:\WINDOWS\system32\aiptif.dll
deleting: C:\WINDOWS\system32\dccpsapi.dll
Successfully Deleted: C:\WINDOWS\system32\dccpsapi.dll
deleting: C:\WINDOWS\system32\imxrip.dll
Successfully Deleted: C:\WINDOWS\system32\imxrip.dll
deleting: C:\WINDOWS\system32\irhlpapi.dll
Successfully Deleted: C:\WINDOWS\system32\irhlpapi.dll
deleting: C:\WINDOWS\system32\irn0l55m1.dll
Successfully Deleted: C:\WINDOWS\system32\irn0l55m1.dll
deleting: C:\WINDOWS\system32\j0l4la3q1d.dll
Successfully Deleted: C:\WINDOWS\system32\j0l4la3q1d.dll
deleting: C:\WINDOWS\system32\jt6o07j3e.dll
Successfully Deleted: C:\WINDOWS\system32\jt6o07j3e.dll
deleting: C:\WINDOWS\system32\l6j8lg1u16.dll
Successfully Deleted: C:\WINDOWS\system32\l6j8lg1u16.dll
deleting: C:\WINDOWS\system32\mkcbase.dll
Successfully Deleted: C:\WINDOWS\system32\mkcbase.dll
deleting: C:\WINDOWS\system32\n6p40g7qe6.dll
Successfully Deleted: C:\WINDOWS\system32\n6p40g7qe6.dll
deleting: C:\WINDOWS\system32\nhwrsel.dll
Successfully Deleted: C:\WINDOWS\system32\nhwrsel.dll
deleting: C:\WINDOWS\system32\nktcfgx.dll
Successfully Deleted: C:\WINDOWS\system32\nktcfgx.dll
deleting: C:\WINDOWS\system32\nxwrsfi.dll
Successfully Deleted: C:\WINDOWS\system32\nxwrsfi.dll
deleting: C:\WINDOWS\system32\oueacc.dll
Successfully Deleted: C:\WINDOWS\system32\oueacc.dll
deleting: C:\WINDOWS\system32\q4ps0e77eh.dll
Successfully Deleted: C:\WINDOWS\system32\q4ps0e77eh.dll
deleting: C:\WINDOWS\system32\sbnsapi.dll
Successfully Deleted: C:\WINDOWS\system32\sbnsapi.dll
deleting: C:\WINDOWS\system32\sdrialui.dll
Successfully Deleted: C:\WINDOWS\system32\sdrialui.dll
deleting: C:\WINDOWS\system32\sincui.dll
Successfully Deleted: C:\WINDOWS\system32\sincui.dll
deleting: C:\WINDOWS\system32\sznceng.dll
Successfully Deleted: C:\WINDOWS\system32\sznceng.dll
deleting: C:\WINDOWS\system32\wbpui.dll
Successfully Deleted: C:\WINDOWS\system32\wbpui.dll
deleting: C:\WINDOWS\system32\wisapi32.dll
Successfully Deleted: C:\WINDOWS\system32\wisapi32.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: aiptif.dll (164 bytes security) (deflated 4%)
adding: dccpsapi.dll (164 bytes security) (deflated 4%)
adding: imxrip.dll (164 bytes security) (deflated 4%)
adding: irhlpapi.dll (164 bytes security) (deflated 5%)
adding: irn0l55m1.dll (164 bytes security) (deflated 4%)
adding: j0l4la3q1d.dll (164 bytes security) (deflated 5%)
adding: jt6o07j3e.dll (164 bytes security) (deflated 5%)
adding: l6j8lg1u16.dll (164 bytes security) (deflated 5%)
adding: mkcbase.dll (164 bytes security) (deflated 4%)
adding: n6p40g7qe6.dll (164 bytes security) (deflated 4%)
adding: nhwrsel.dll (164 bytes security) (deflated 4%)
adding: nktcfgx.dll (164 bytes security) (deflated 6%)
adding: nxwrsfi.dll (164 bytes security) (deflated 5%)
adding: oueacc.dll (164 bytes security) (deflated 4%)
adding: q4ps0e77eh.dll (164 bytes security) (deflated 5%)
adding: sbnsapi.dll (164 bytes security) (deflated 5%)
adding: sdrialui.dll (164 bytes security) (deflated 4%)
adding: sincui.dll (164 bytes security) (deflated 5%)
adding: sznceng.dll (164 bytes security) (deflated 4%)
adding: wbpui.dll (164 bytes security) (deflated 5%)
adding: wisapi32.dll (164 bytes security) (deflated 4%)
adding: guard.tmp (164 bytes security) (deflated 6%)
adding: clear.reg (164 bytes security) (deflated 64%)
adding: echo.reg (164 bytes security) (deflated 11%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 84%)
adding: readme.txt (164 bytes security) (deflated 52%)
adding: report.txt (164 bytes security) (deflated 69%)
adding: test.txt (164 bytes security) (deflated 79%)
adding: test2.txt (164 bytes security) (deflated 45%)
adding: test3.txt (164 bytes security) (deflated 45%)
adding: test5.txt (164 bytes security) (deflated 45%)
adding: xfind.txt (164 bytes security) (deflated 74%)
adding: backregs/0574B8ED-AA01-42D9-B7F6-96BB3A1DD374.reg (164 bytes security) (deflated 70%)
adding: backregs/06349003-1274-47C6-8FA1-B86AFB2DF3AA.reg (164 bytes security) (deflated 70%)
adding: backregs/1D175BFC-D7B0-4800-AD19-98AC60A28499.reg (164 bytes security) (deflated 70%)
adding: backregs/2EFB3943-212E-4FDD-B29B-758835915F6C.reg (164 bytes security) (deflated 70%)
adding: backregs/6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85.reg (164 bytes security) (deflated 70%)
adding: backregs/9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9.reg (164 bytes security) (deflated 70%)
adding: backregs/A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8.reg (164 bytes security) (deflated 70%)
adding: backregs/C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2.reg (164 bytes security) (deflated 70%)
adding: backregs/F9234F31-F674-4683-A26F-58EB5504E812.reg (164 bytes security) (deflated 69%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 74%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:

deleting local copy: aiptif.dll
deleting local copy: dccpsapi.dll
deleting local copy: imxrip.dll
deleting local copy: irhlpapi.dll
deleting local copy: irn0l55m1.dll
deleting local copy: j0l4la3q1d.dll
deleting local copy: jt6o07j3e.dll
deleting local copy: l6j8lg1u16.dll
deleting local copy: mkcbase.dll
deleting local copy: n6p40g7qe6.dll
deleting local copy: nhwrsel.dll
deleting local copy: nktcfgx.dll
deleting local copy: nxwrsfi.dll
deleting local copy: oueacc.dll
deleting local copy: q4ps0e77eh.dll
deleting local copy: sbnsapi.dll
deleting local copy: sdrialui.dll
deleting local copy: sincui.dll
deleting local copy: sznceng.dll
deleting local copy: wbpui.dll
deleting local copy: wisapi32.dll
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\aiptif.dll
C:\WINDOWS\system32\dccpsapi.dll
C:\WINDOWS\system32\imxrip.dll
C:\WINDOWS\system32\irhlpapi.dll
C:\WINDOWS\system32\irn0l55m1.dll
C:\WINDOWS\system32\j0l4la3q1d.dll
C:\WINDOWS\system32\jt6o07j3e.dll
C:\WINDOWS\system32\l6j8lg1u16.dll
C:\WINDOWS\system32\mkcbase.dll
C:\WINDOWS\system32\n6p40g7qe6.dll
C:\WINDOWS\system32\nhwrsel.dll
C:\WINDOWS\system32\nktcfgx.dll
C:\WINDOWS\system32\nxwrsfi.dll
C:\WINDOWS\system32\oueacc.dll
C:\WINDOWS\system32\q4ps0e77eh.dll
C:\WINDOWS\system32\sbnsapi.dll
C:\WINDOWS\system32\sdrialui.dll
C:\WINDOWS\system32\sincui.dll
C:\WINDOWS\system32\sznceng.dll
C:\WINDOWS\system32\wbpui.dll
C:\WINDOWS\system32\wisapi32.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0DA785BF-7FB9-4327-B850-AD14904649AD}"=-
"{2EFB3943-212E-4FDD-B29B-758835915F6C}"=-
"{0574B8ED-AA01-42D9-B7F6-96BB3A1DD374}"=-
"{F9234F31-F674-4683-A26F-58EB5504E812}"=-
"{1D175BFC-D7B0-4800-AD19-98AC60A28499}"=-
"{9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9}"=-
"{A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8}"=-
"{06349003-1274-47C6-8FA1-B86AFB2DF3AA}"=-
"{C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2}"=-
"{6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0DA785BF-7FB9-4327-B850-AD14904649AD}]
[-HKEY_CLASSES_ROOT\CLSID\{2EFB3943-212E-4FDD-B29B-758835915F6C}]
[-HKEY_CLASSES_ROOT\CLSID\{0574B8ED-AA01-42D9-B7F6-96BB3A1DD374}]
[-HKEY_CLASSES_ROOT\CLSID\{F9234F31-F674-4683-A26F-58EB5504E812}]
[-HKEY_CLASSES_ROOT\CLSID\{1D175BFC-D7B0-4800-AD19-98AC60A28499}]
[-HKEY_CLASSES_ROOT\CLSID\{9C7FFBAD-B99B-4EA3-8BE1-4EB9262183F9}]
[-HKEY_CLASSES_ROOT\CLSID\{A9DE8663-3A28-4ADB-BD54-98B04E8AD5A8}]
[-HKEY_CLASSES_ROOT\CLSID\{06349003-1274-47C6-8FA1-B86AFB2DF3AA}]
[-HKEY_CLASSES_ROOT\CLSID\{C0E1136A-2A30-4E4B-8FB4-8012EDBD26C2}]
[-HKEY_CLASSES_ROOT\CLSID\{6B33F4A2-8E00-4018-B9D2-BA7E6E5DFE85}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

nouveau rapport
Logfile of HijackThis v1.99.1
Scan saved at 16:37:10, on 26/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\WIN\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

ça m'a l'air bon.

as-tu encore des popups intempestifs ?

pour l'instant non, j'attends encore un peu avant de mettre résolu pour être sure
Merci pour tout
sinon que me conseilles-tu j'ai installé Bitdefender (que j'ai acheté) et j'avais installé Kasperskyi
Que garder
et je ne comprends rien au fonctionnement des firewall

je te conseille de garder kaspersky

perso je préfère Kaspersky aussi mais bon vu que t'as acheté BitDefender...

si tu gardes BitDefender, vérifie si ta version fait aussi pare-feu, sinon il faut en installer en, par exemple un de ceux-là (gratuits) :
ZoneAlarm (en français et facile)
Kerio Personal Firewall (en français et très bien)
Agnitum Outpost Firewall Free
Sygate Personal Firewall

mais surtout il ne faut JAMAIS installer 2 antivirus sur un PC, risque de conflit et ralentissement...

Merci encore cette fois je pense que mon ordi est bien débarassé ce des foutus popup !!!