Fenetre intempestive pop up et redirection qui devienne agacente!

Salut,

Tu as une infection Look 2 Me.

Fais ceci :

apres avoir choisi loption 1 le bloc note souvre et mindique ceci:


L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\kt8ol7l31.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
"Asynchronous"=dword:00000000
"DllName"="C:\\Program Files\\AlienGUIse\\fastload.dll"
"Startup"="StartSys"
"Logon"="StartWB"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{68CAF908-B428-4D3C-33C6-6AF59F840145}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="Identificateur de superposition : ic“ne Signatures num‚riques de AutoCAD"
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{AE8375C2-B4A8-46FB-9DAC-1283E9E01BAB}"=""
"{C725BA11-467A-477F-9C1E-3438249C99D1}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C725BA11-467A-477F-9C1E-3438249C99D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C725BA11-467A-477F-9C1E-3438249C99D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C725BA11-467A-477F-9C1E-3438249C99D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C725BA11-467A-477F-9C1E-3438249C99D1}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
arsldpc.dll Sun 23 Oct 2005 16:42:28 ..S.R 234 552 229,05 K
azmparse.dll Sun 23 Oct 2005 17:29:08 ..S.R 235 938 230,41 K
cmdlin~1.dll Sat 27 Aug 2005 18:05:08 A.... 98 304 96,00 K
cuyptdlg.dll Sun 23 Oct 2005 17:36:28 ..S.R 235 315 229,80 K
dbmssocn.dll Fri 9 Sep 2005 20:11:12 A.... 11 536 11,27 K
fp2603~1.dll Sun 23 Oct 2005 17:20:10 ..S.R 235 938 230,41 K
fp2m03~1.dll Wed 26 Oct 2005 11:07:28 ..S.R 233 474 228,00 K
fp8u03~1.dll Sat 22 Oct 2005 19:00:30 ..S.R 235 255 229,74 K
fpp203~1.dll Wed 26 Oct 2005 19:13:56 ..S.R 235 609 230,09 K
hytplug.dll Thu 27 Oct 2005 10:49:10 ..S.R 235 336 229,82 K
k8no0i~1.dll Sun 23 Oct 2005 17:13:28 ..S.R 234 552 229,05 K
kt8ol7~1.dll Wed 26 Oct 2005 19:40:56 ..S.R 235 336 229,82 K
l60ulg~1.dll Sat 22 Oct 2005 21:32:28 ..S.R 235 255 229,74 K
msjet35.dll Fri 9 Sep 2005 20:11:12 A.... 1 046 288 1021,77 K
msjint35.dll Fri 9 Sep 2005 20:11:14 A.... 123 664 120,77 K
msjter35.dll Fri 9 Sep 2005 20:11:14 A.... 24 848 24,27 K
msrd2x35.dll Fri 9 Sep 2005 20:11:14 A.... 252 176 246,27 K
msrepl35.dll Fri 9 Sep 2005 20:11:14 A.... 415 504 405,77 K
nv4_disp.dll Tue 2 Aug 2005 16:35:00 A.... 3 908 864 3,73 M
nvcod.dll Tue 2 Aug 2005 16:35:00 A.... 32 768 32,00 K
nvcodins.dll Tue 2 Aug 2005 16:35:00 A.... 32 768 32,00 K
nvcpl.dll Tue 2 Aug 2005 16:35:00 A.... 7 110 656 6,78 M
nvhwvid.dll Tue 2 Aug 2005 16:35:00 A.... 540 672 528,00 K
nview.dll Tue 2 Aug 2005 16:35:00 A.... 1 466 368 1,40 M
nvmctray.dll Tue 2 Aug 2005 16:35:00 A.... 86 016 84,00 K
nvnt4cpl.dll Tue 2 Aug 2005 16:35:00 A.... 286 720 280,00 K
nvoglnt.dll Tue 2 Aug 2005 16:35:00 A.... 5 140 480 4,90 M
nvrsar.dll Tue 2 Aug 2005 16:35:00 A.... 315 392 308,00 K
nvrscs.dll Tue 2 Aug 2005 16:35:00 A.... 233 472 228,00 K
nvrsda.dll Tue 2 Aug 2005 16:35:00 A.... 241 664 236,00 K
nvrsde.dll Tue 2 Aug 2005 16:35:00 A.... 266 240 260,00 K
nvrsel.dll Tue 2 Aug 2005 16:35:00 A.... 270 336 264,00 K
nvrseng.dll Tue 2 Aug 2005 16:35:00 A.... 237 568 232,00 K
nvrses.dll Tue 2 Aug 2005 16:35:00 A.... 270 336 264,00 K
nvrsesm.dll Tue 2 Aug 2005 16:35:00 A.... 262 144 256,00 K
nvrsfi.dll Tue 2 Aug 2005 16:35:00 A.... 237 568 232,00 K
nvrsfr.dll Tue 2 Aug 2005 16:35:00 A.... 270 336 264,00 K
nvrshe.dll Tue 2 Aug 2005 16:35:00 A.... 311 296 304,00 K
nvrshu.dll Tue 2 Aug 2005 16:35:00 A.... 245 760 240,00 K
nvrsit.dll Tue 2 Aug 2005 16:35:00 A.... 270 336 264,00 K
nvrsja.dll Tue 2 Aug 2005 16:35:00 A.... 253 952 248,00 K
nvrsko.dll Tue 2 Aug 2005 16:35:00 A.... 249 856 244,00 K
nvrsnl.dll Tue 2 Aug 2005 16:35:00 A.... 262 144 256,00 K
nvrsno.dll Tue 2 Aug 2005 16:35:00 A.... 241 664 236,00 K
nvrspl.dll Tue 2 Aug 2005 16:35:00 A.... 241 664 236,00 K
nvrspt.dll Tue 2 Aug 2005 16:35:00 A.... 262 144 256,00 K
nvrsptb.dll Tue 2 Aug 2005 16:35:00 A.... 253 952 248,00 K
nvrsru.dll Tue 2 Aug 2005 16:35:00 A.... 258 048 252,00 K
nvrssk.dll Tue 2 Aug 2005 16:35:00 A.... 245 760 240,00 K
nvrssl.dll Tue 2 Aug 2005 16:35:00 A.... 241 664 236,00 K
nvrssv.dll Tue 2 Aug 2005 16:35:00 A.... 241 664 236,00 K
nvrstr.dll Tue 2 Aug 2005 16:35:00 A.... 245 760 240,00 K
nvrszhc.dll Tue 2 Aug 2005 16:35:00 A.... 212 992 208,00 K
nvrszht.dll Tue 2 Aug 2005 16:35:00 A.... 114 688 112,00 K
nvshell.dll Tue 2 Aug 2005 16:35:00 A.... 466 944 456,00 K
nvwddi.dll Tue 2 Aug 2005 16:35:00 A.... 81 920 80,00 K
nvwdmcpl.dll Tue 2 Aug 2005 16:35:00 A.... 1 662 976 1,59 M
nvwimg.dll Tue 2 Aug 2005 16:35:00 A.... 1 019 904 996,00 K
nvwrsar.dll Tue 2 Aug 2005 16:35:00 A.... 282 624 276,00 K
nvwrscs.dll Tue 2 Aug 2005 16:35:00 A.... 286 720 280,00 K
nvwrsda.dll Tue 2 Aug 2005 16:35:00 A.... 294 912 288,00 K
nvwrsde.dll Tue 2 Aug 2005 16:35:00 A.... 311 296 304,00 K
nvwrsel.dll Tue 2 Aug 2005 16:35:00 A.... 335 872 328,00 K
nvwrseng.dll Tue 2 Aug 2005 16:35:00 A.... 286 720 280,00 K
nvwrses.dll Tue 2 Aug 2005 16:35:00 A.... 335 872 328,00 K
nvwrsesm.dll Tue 2 Aug 2005 16:35:00 A.... 327 680 320,00 K
nvwrsfi.dll Tue 2 Aug 2005 16:35:00 A.... 303 104 296,00 K
nvwrsfr.dll Tue 2 Aug 2005 16:35:00 A.... 327 680 320,00 K
nvwrshe.dll Tue 2 Aug 2005 16:35:00 A.... 278 528 272,00 K
nvwrshu.dll Tue 2 Aug 2005 16:35:00 A.... 315 392 308,00 K
nvwrsit.dll Tue 2 Aug 2005 16:35:00 A.... 323 584 316,00 K
nvwrsja.dll Tue 2 Aug 2005 16:35:00 A.... 212 992 208,00 K
nvwrsko.dll Tue 2 Aug 2005 16:35:00 A.... 196 608 192,00 K
nvwrsnl.dll Tue 2 Aug 2005 16:35:00 A.... 319 488 312,00 K
nvwrsno.dll Tue 2 Aug 2005 16:35:00 A.... 299 008 292,00 K
nvwrspl.dll Tue 2 Aug 2005 16:35:00 A.... 294 912 288,00 K
nvwrspt.dll Tue 2 Aug 2005 16:35:00 A.... 323 584 316,00 K
nvwrsptb.dll Tue 2 Aug 2005 16:35:00 A.... 319 488 312,00 K
nvwrsru.dll Tue 2 Aug 2005 16:35:00 A.... 315 392 308,00 K
nvwrssk.dll Tue 2 Aug 2005 16:35:00 A.... 299 008 292,00 K
nvwrssl.dll Tue 2 Aug 2005 16:35:00 A.... 303 104 296,00 K
nvwrssv.dll Tue 2 Aug 2005 16:35:00 A.... 294 912 288,00 K
nvwrstr.dll Tue 2 Aug 2005 16:35:00 A.... 303 104 296,00 K
nvwrszhc.dll Tue 2 Aug 2005 16:35:00 A.... 163 840 160,00 K
nvwrszht.dll Tue 2 Aug 2005 16:35:00 A.... 167 936 164,00 K
nwlanui.dll Sun 23 Oct 2005 10:51:56 ..S.R 234 552 229,05 K
odbctl32.dll Fri 9 Sep 2005 20:11:14 A.... 72 704 71,00 K
ostext32.dll Sun 23 Oct 2005 17:20:10 ..S.R 235 315 229,80 K
sirenacm.dll Mon 19 Sep 2005 7:00:34 A.... 119 856 117,05 K
uzbmon.dll Sun 23 Oct 2005 17:14:46 ..S.R 235 315 229,80 K
vbar332.dll Fri 9 Sep 2005 20:11:52 A.... 368 912 360,27 K
vfp6r.dll Fri 9 Sep 2005 20:11:52 A.... 3 373 328 3,21 M
vfp6renu.dll Fri 9 Sep 2005 20:11:52 A.... 876 032 855,50 K
vfpodbc.dll Fri 9 Sep 2005 20:11:52 A.... 934 672 912,77 K

94 items found: 94 files (14 H/S), 0 directories.
Total of file sizes: 47 428 382 bytes 45,23 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Wed 26 Oct 2005 22:41:56 ..S.R 235 336 229,82 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 235 336 bytes 229,82 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 783A-2894

R‚pertoire de C:\WINDOWS\System32

27/10/2005 10:49 235ÿ336 hytplug.dll
26/10/2005 22:41 235ÿ336 guard.tmp
26/10/2005 19:40 235ÿ336 kt8ol7l31.dll
26/10/2005 19:13 235ÿ609 fpp2037oe.dll
26/10/2005 11:07 233ÿ474 fp2m03f1e.dll
23/10/2005 17:36 235ÿ315 cuyptdlg.dll
23/10/2005 17:29 235ÿ938 azmparse.dll
23/10/2005 17:20 235ÿ315 ostext32.dll
23/10/2005 17:20 235ÿ938 fp2603fse.dll
23/10/2005 17:14 235ÿ315 uzbmon.dll
23/10/2005 17:13 234ÿ552 k8no0i53e8.dll
23/10/2005 16:42 234ÿ552 arsldpc.dll
23/10/2005 10:51 234ÿ552 nwlanui.dll
23/10/2005 10:50 <REP> dllcache
22/10/2005 21:32 235ÿ255 l60ulgd9160.dll
22/10/2005 19:00 235ÿ255 fp8u03l9e.dll
09/03/2005 23:55 <REP> Microsoft
15 fichier(s) 3ÿ527ÿ078 octets
2 R‚p(s) 46ÿ042ÿ578ÿ944 octets libres

ben vas y fais la suite ;-)

Bon voici la suite obtenue en lancant second.bat car apres reboot rien ne saffichait sinon :


L2Mfix 1.04a

Running From:
C:\Documents and Settings\Florent\Bureau\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE



Setting up for Reboot


Starting Reboot!

Setting Directory
C:\Documents and Settings\Florent\Bureau\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Florent\Bureau\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1876 'explorer.exe'
Killing PID 1876 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 408 'rundll32.exe'
Killing PID 592 'rundll32.exe'
Killing PID 676 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\arsldpc.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\azmparse.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\cuyptdlg.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\fp2603fse.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\fp2m03f1e.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\fp8u03l9e.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\fpp2037oe.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\k8no0i53e8.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\l60ulgd9160.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\nwlanui.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\ostext32.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\rTsser.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\uzbmon.dll
1 fichier(s) copi‚(s).
Backing Up: C:\WINDOWS\system32\guard.tmp
1 fichier(s) copi‚(s).
deleting: C:\WINDOWS\system32\arsldpc.dll
Successfully Deleted: C:\WINDOWS\system32\arsldpc.dll
deleting: C:\WINDOWS\system32\azmparse.dll
Successfully Deleted: C:\WINDOWS\system32\azmparse.dll
deleting: C:\WINDOWS\system32\cuyptdlg.dll
Successfully Deleted: C:\WINDOWS\system32\cuyptdlg.dll
deleting: C:\WINDOWS\system32\fp2603fse.dll
Successfully Deleted: C:\WINDOWS\system32\fp2603fse.dll
deleting: C:\WINDOWS\system32\fp2m03f1e.dll
Successfully Deleted: C:\WINDOWS\system32\fp2m03f1e.dll
deleting: C:\WINDOWS\system32\fp8u03l9e.dll
Successfully Deleted: C:\WINDOWS\system32\fp8u03l9e.dll
deleting: C:\WINDOWS\system32\fpp2037oe.dll
Successfully Deleted: C:\WINDOWS\system32\fpp2037oe.dll
deleting: C:\WINDOWS\system32\k8no0i53e8.dll
Successfully Deleted: C:\WINDOWS\system32\k8no0i53e8.dll
deleting: C:\WINDOWS\system32\l60ulgd9160.dll
Successfully Deleted: C:\WINDOWS\system32\l60ulgd9160.dll
deleting: C:\WINDOWS\system32\nwlanui.dll
Successfully Deleted: C:\WINDOWS\system32\nwlanui.dll
deleting: C:\WINDOWS\system32\ostext32.dll
Successfully Deleted: C:\WINDOWS\system32\ostext32.dll
deleting: C:\WINDOWS\system32\rTsser.dll
Successfully Deleted: C:\WINDOWS\system32\rTsser.dll
deleting: C:\WINDOWS\system32\uzbmon.dll
Successfully Deleted: C:\WINDOWS\system32\uzbmon.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: arsldpc.dll (164 bytes security) (deflated 4%)
adding: azmparse.dll (164 bytes security) (deflated 5%)
adding: cuyptdlg.dll (164 bytes security) (deflated 5%)
adding: fp2603fse.dll (164 bytes security) (deflated 5%)
adding: fp2m03f1e.dll (164 bytes security) (deflated 4%)
adding: fp8u03l9e.dll (164 bytes security) (deflated 5%)
adding: fpp2037oe.dll (164 bytes security) (deflated 5%)
adding: k8no0i53e8.dll (164 bytes security) (deflated 4%)
adding: l60ulgd9160.dll (164 bytes security) (deflated 5%)
adding: nwlanui.dll (164 bytes security) (deflated 4%)
adding: ostext32.dll (164 bytes security) (deflated 5%)
adding: rTsser.dll (164 bytes security) (deflated 5%)
adding: uzbmon.dll (164 bytes security) (deflated 5%)
adding: guard.tmp (164 bytes security) (deflated 5%)
adding: clear.reg (164 bytes security) (deflated 37%)
adding: echo.reg (164 bytes security) (deflated 11%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 81%)
adding: readme.txt (164 bytes security) (deflated 52%)
adding: report.txt (164 bytes security) (deflated 67%)
adding: test.txt (164 bytes security) (deflated 75%)
adding: test2.txt (164 bytes security) (deflated 17%)
adding: test3.txt (164 bytes security) (deflated 17%)
adding: test5.txt (164 bytes security) (deflated 17%)
adding: xfind.txt (164 bytes security) (deflated 69%)
adding: backregs/C725BA11-467A-477F-9C1E-3438249C99D1.reg (164 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:

deleting local copy: arsldpc.dll
deleting local copy: azmparse.dll
deleting local copy: cuyptdlg.dll
deleting local copy: fp2603fse.dll
deleting local copy: fp2m03f1e.dll
deleting local copy: fp8u03l9e.dll
deleting local copy: fpp2037oe.dll
deleting local copy: k8no0i53e8.dll
deleting local copy: l60ulgd9160.dll
deleting local copy: nwlanui.dll
deleting local copy: ostext32.dll
deleting local copy: rTsser.dll
deleting local copy: uzbmon.dll
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
"Asynchronous"=dword:00000000
"DllName"="C:\\Program Files\\AlienGUIse\\fastload.dll"
"Startup"="StartSys"
"Logon"="StartWB"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\arsldpc.dll
C:\WINDOWS\system32\azmparse.dll
C:\WINDOWS\system32\cuyptdlg.dll
C:\WINDOWS\system32\fp2603fse.dll
C:\WINDOWS\system32\fp2m03f1e.dll
C:\WINDOWS\system32\fp8u03l9e.dll
C:\WINDOWS\system32\fpp2037oe.dll
C:\WINDOWS\system32\k8no0i53e8.dll
C:\WINDOWS\system32\l60ulgd9160.dll
C:\WINDOWS\system32\nwlanui.dll
C:\WINDOWS\system32\ostext32.dll
C:\WINDOWS\system32\rTsser.dll
C:\WINDOWS\system32\uzbmon.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{AE8375C2-B4A8-46FB-9DAC-1283E9E01BAB}"=-
"{C725BA11-467A-477F-9C1E-3438249C99D1}"=-
[-HKEY_CLASSES_ROOT\CLSID\{AE8375C2-B4A8-46FB-9DAC-1283E9E01BAB}]
[-HKEY_CLASSES_ROOT\CLSID\{C725BA11-467A-477F-9C1E-3438249C99D1}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

Bon voila je crois que jai tout fait mais je ne cache pas pour moi que c'est du charabia ;-)

(je ne te cache pas que pour moi aussi c'est du charabiat :-D)

Poste un log HijackThis maintenant pour voir si les lignes O20 sont virées.

et revoila le post hijackthis (le retour) :-):


Logfile of HijackThis v1.99.1
Scan saved at 15:28:29, on 27/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EB2D4B1-DD7A-4098-B79D-F6B9AA42A1AB}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Ben c'est clean maintenant tout ça.

As tu encore des problèmes ? :-)

Il me semble pas !!

en tout cas je ne c'est pas ce que tu a fait lol ne serai tu pas magicien??

Bah merci bcp puis si jamais sa se reproduit je saurai quoi faire (enfin je pense)!!

Merci, Florent alias Virux.