[résolu]spotresults.com

[queruak]

Rebonsoir,

 

-Parmi tous ces programmes listés,est ce qu'il y'en a un que tu ne reconnais pas ?

 

A quoi te sert ce programme,et est ce toi qui l'a installé ?

 

WinPLOSION (Version 2.17)

 

-Fais ceci :

Télécharge cet outil.

http://www.atribune.org/downloads/l2mfix.exe

ou d'ici

http://www.downloads.subratam.org/l2mfix.exe

 

-Pose-le sur ton bureau

-Dézippe-le

-Double-clique l2mfix.bat et choisis l'option 1 (tape 1 et entrée)

-Lorsqu'il a terminé sa recherche, il ouvre un rapport dans le bloc-notes.

 

-Copie/colle ce rapport ici.

 

Important : ne clique aucun autre fichier ni options !!!

[nebuchad34]

win plosion c'est bien moi qui l'est installé. Il simmule l'exposé de Mac OS X

[nebuchad34]

L2MFIX find log 1.03

These are the registry keys present

**********************************************************************************

Winlogon/notify:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\i6nm0g51e6.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

**********************************************************************************

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"{C4473154-4F93-8C1C-720A-CCA99F814DF3}"=""

 

**********************************************************************************

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"

"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"

"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"

"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"

"{9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B}"=""

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"

"{F928946F-D517-4947-BBF6-A8EE761A8204}"=""

 

**********************************************************************************

HKEY ROOT CLASSIDS:

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B}\InprocServer32]

@="C:\\WINDOWS\\system32\\kmdycl.dll"

"ThreadingModel"="Apartment"

 

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\CLSID\{F928946F-D517-4947-BBF6-A8EE761A8204}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{F928946F-D517-4947-BBF6-A8EE761A8204}\Implemented Categories]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{F928946F-D517-4947-BBF6-A8EE761A8204}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

@=""

 

[HKEY_CLASSES_ROOT\CLSID\{F928946F-D517-4947-BBF6-A8EE761A8204}\InprocServer32]

@="C:\\WINDOWS\\system32\\guard.tmp"

"ThreadingModel"="Apartment"

 

**********************************************************************************

Files Found are not all bad files:

 

C:\WINDOWS\SYSTEM32\

atl71.dll Fri 25 Mar 2005 23:55:20 A.... 89 088 87,00 K

authz.dll Wed 2 Mar 2005 20:10:36 A.... 56 832 55,50 K

bdowser.dll Sun 17 Apr 2005 11:04:04 ..S.R 234 540 229,04 K

browseui.dll Thu 10 Mar 2005 10:04:12 A.... 1 017 344 993,50 K

cdfview.dll Thu 10 Mar 2005 10:04:12 A.... 152 064 148,50 K

coolco~1.dll Fri 25 Mar 2005 23:56:34 A.... 593 920 580,00 K

g6400g~1.dll Mon 11 Apr 2005 16:21:36 ..S.R 235 903 230,37 K

gccoll~1.dll Thu 10 Feb 2005 22:32:20 A.... 119 520 116,72 K

gcmd5q~1.dll Mon 11 Apr 2005 16:54:50 A.... 10 752 10,50 K

gcunco~1.dll Thu 10 Feb 2005 22:32:20 A.... 130 272 127,22 K

hashlib.dll Thu 10 Feb 2005 22:32:18 A.... 81 120 79,22 K

hr6205~1.dll Thu 14 Apr 2005 18:24:04 ..S.R 234 956 229,45 K

i260lc~1.dll Tue 12 Apr 2005 8:30:00 ..S.R 232 755 227,30 K

i6nm0g~1.dll Sun 17 Apr 2005 17:47:40 ..S.R 235 008 229,50 K

idmmbc.dll Wed 19 Jan 2005 18:34:48 A.... 131 072 128,00 K

iepeers.dll Thu 10 Mar 2005 10:04:12 A.... 250 880 245,00 K

inseng.dll Thu 10 Mar 2005 10:04:12 A.... 96 768 94,50 K

ir84l5~1.dll Sun 17 Apr 2005 18:14:00 ..S.R 232 966 227,50 K

k626lg~1.dll Mon 11 Apr 2005 15:21:10 ..S.R 233 037 227,57 K

kmdycl.dll Sun 17 Apr 2005 18:14:00 ..S.R 235 008 229,50 K

mhvcp70.dll Sun 17 Apr 2005 10:52:48 ..S.R 232 927 227,46 K

mshtml.dll Thu 10 Mar 2005 10:04:12 A.... 3 010 560 2,87 M

msi.dll Mon 21 Mar 2005 15:00:20 A.... 2 890 240 2,75 M

msihnd.dll Mon 21 Mar 2005 15:00:22 A.... 271 360 265,00 K

msimsg.dll Mon 21 Mar 2005 15:00:22 A.... 884 736 864,00 K

msisip.dll Mon 21 Mar 2005 15:00:22 A.... 15 360 15,00 K

msrating.dll Thu 10 Mar 2005 10:04:12 A.... 146 432 143,00 K

msxml4.dll Fri 21 Jan 2005 5:02:04 A.... 1 233 920 1,18 M

msxml4a.dll Fri 21 Jan 2005 5:02:04 A.... 44 544 43,50 K

msxml4r.dll Fri 21 Jan 2005 5:02:04 A.... 82 432 80,50 K

n4r2le~1.dll Thu 14 Apr 2005 18:17:00 ..S.R 235 985 230,45 K

nv4_disp.dll Thu 24 Feb 2005 8:32:00 A.... 3 973 888 3,79 M

nvcod.dll Thu 24 Feb 2005 8:32:00 A.... 32 256 31,50 K

nvcodins.dll Thu 24 Feb 2005 8:32:00 A.... 32 256 31,50 K

nvcpl.dll Thu 24 Feb 2005 8:32:00 A.... 5 537 792 5,28 M

nvhwvid.dll Thu 24 Feb 2005 8:32:00 A.... 540 672 528,00 K

nview.dll Thu 24 Feb 2005 8:32:00 A.... 1 458 176 1,39 M

nvmctray.dll Thu 24 Feb 2005 8:32:00 A.... 86 016 84,00 K

nvnt4cpl.dll Thu 24 Feb 2005 8:32:00 A.... 245 760 240,00 K

nvoglnt.dll Thu 24 Feb 2005 8:32:00 A.... 5 332 992 5,09 M

nvrsar.dll Thu 24 Feb 2005 8:32:00 A.... 307 200 300,00 K

nvrscs.dll Thu 24 Feb 2005 8:32:00 A.... 229 376 224,00 K

nvrsda.dll Thu 24 Feb 2005 8:32:00 A.... 237 568 232,00 K

nvrsde.dll Thu 24 Feb 2005 8:32:00 A.... 258 048 252,00 K

nvrsel.dll Thu 24 Feb 2005 8:32:00 A.... 262 144 256,00 K

nvrseng.dll Thu 24 Feb 2005 8:32:00 A.... 229 376 224,00 K

nvrses.dll Thu 24 Feb 2005 8:32:00 A.... 262 144 256,00 K

nvrsesm.dll Thu 24 Feb 2005 8:32:00 A.... 253 952 248,00 K

nvrsfi.dll Thu 24 Feb 2005 8:32:00 A.... 229 376 224,00 K

nvrsfr.dll Thu 24 Feb 2005 8:32:00 A.... 266 240 260,00 K

nvrshe.dll Thu 24 Feb 2005 8:32:00 A.... 303 104 296,00 K

nvrshu.dll Thu 24 Feb 2005 8:32:00 A.... 241 664 236,00 K

nvrsit.dll Thu 24 Feb 2005 8:32:00 A.... 262 144 256,00 K

nvrsja.dll Thu 24 Feb 2005 8:32:00 A.... 249 856 244,00 K

nvrsko.dll Thu 24 Feb 2005 8:32:00 A.... 245 760 240,00 K

nvrsnl.dll Thu 24 Feb 2005 8:32:00 A.... 253 952 248,00 K

nvrsno.dll Thu 24 Feb 2005 8:32:00 A.... 237 568 232,00 K

nvrspl.dll Thu 24 Feb 2005 8:32:00 A.... 237 568 232,00 K

nvrspt.dll Thu 24 Feb 2005 8:32:00 A.... 253 952 248,00 K

nvrsptb.dll Thu 24 Feb 2005 8:32:00 A.... 249 856 244,00 K

nvrsru.dll Thu 24 Feb 2005 8:32:00 A.... 249 856 244,00 K

nvrssk.dll Thu 24 Feb 2005 8:32:00 A.... 237 568 232,00 K

nvrssl.dll Thu 24 Feb 2005 8:32:00 A.... 237 568 232,00 K

nvrssv.dll Thu 24 Feb 2005 8:32:00 A.... 237 568 232,00 K

nvrstr.dll Thu 24 Feb 2005 8:32:00 A.... 237 568 232,00 K

nvrszhc.dll Thu 24 Feb 2005 8:32:00 A.... 208 896 204,00 K

nvrszht.dll Thu 24 Feb 2005 8:32:00 A.... 114 688 112,00 K

nvshell.dll Thu 24 Feb 2005 8:32:00 A.... 466 944 456,00 K

nvwddi.dll Thu 24 Feb 2005 8:32:00 A.... 81 920 80,00 K

nvwdmcpl.dll Thu 24 Feb 2005 8:32:00 A.... 1 662 976 1,59 M

nvwimg.dll Thu 24 Feb 2005 8:32:00 A.... 1 019 904 996,00 K

nvwrsar.dll Thu 24 Feb 2005 8:32:00 A.... 274 432 268,00 K

nvwrscs.dll Thu 24 Feb 2005 8:32:00 A.... 278 528 272,00 K

nvwrsda.dll Thu 24 Feb 2005 8:32:00 A.... 290 816 284,00 K

nvwrsde.dll Thu 24 Feb 2005 8:32:00 A.... 303 104 296,00 K

nvwrsel.dll Thu 24 Feb 2005 8:32:00 A.... 331 776 324,00 K

nvwrseng.dll Thu 24 Feb 2005 8:32:00 A.... 278 528 272,00 K

nvwrses.dll Thu 24 Feb 2005 8:32:00 A.... 327 680 320,00 K

nvwrsesm.dll Thu 24 Feb 2005 8:32:00 A.... 319 488 312,00 K

nvwrsfi.dll Thu 24 Feb 2005 8:32:00 A.... 294 912 288,00 K

nvwrsfr.dll Thu 24 Feb 2005 8:32:00 A.... 319 488 312,00 K

nvwrshe.dll Thu 24 Feb 2005 8:32:00 A.... 274 432 268,00 K

nvwrshu.dll Thu 24 Feb 2005 8:32:00 A.... 307 200 300,00 K

nvwrsit.dll Thu 24 Feb 2005 8:32:00 A.... 319 488 312,00 K

nvwrsja.dll Thu 24 Feb 2005 8:32:00 A.... 208 896 204,00 K

nvwrsko.dll Thu 24 Feb 2005 8:32:00 A.... 192 512 188,00 K

nvwrsnl.dll Thu 24 Feb 2005 8:32:00 A.... 311 296 304,00 K

nvwrsno.dll Thu 24 Feb 2005 8:32:00 A.... 294 912 288,00 K

nvwrspl.dll Thu 24 Feb 2005 8:32:00 A.... 290 816 284,00 K

nvwrspt.dll Thu 24 Feb 2005 8:32:00 A.... 319 488 312,00 K

nvwrsptb.dll Thu 24 Feb 2005 8:32:00 A.... 311 296 304,00 K

nvwrsru.dll Thu 24 Feb 2005 8:32:00 A.... 307 200 300,00 K

nvwrssk.dll Thu 24 Feb 2005 8:32:00 A.... 290 816 284,00 K

nvwrssl.dll Thu 24 Feb 2005 8:32:00 A.... 294 912 288,00 K

nvwrssv.dll Thu 24 Feb 2005 8:32:00 A.... 290 816 284,00 K

nvwrstr.dll Thu 24 Feb 2005 8:32:00 A.... 299 008 292,00 K

nvwrszhc.dll Thu 24 Feb 2005 8:32:00 A.... 159 744 156,00 K

nvwrszht.dll Thu 24 Feb 2005 8:32:00 A.... 163 840 160,00 K

o8pqli~1.dll Fri 15 Apr 2005 8:48:32 ..S.R 233 013 227,55 K

px.dll Tue 15 Mar 2005 21:49:38 ..... 495 616 484,00 K

pxdrv.dll Tue 15 Mar 2005 21:49:38 ..... 376 832 368,00 K

pxmas.dll Tue 15 Mar 2005 21:49:38 ..... 155 648 152,00 K

pxwave.dll Tue 15 Mar 2005 21:49:38 ..... 319 488 312,00 K

pxwma.dll Tue 15 Mar 2005 21:49:38 ..... 86 016 84,00 K

screamci.dll Sun 17 Apr 2005 10:54:58 ..S.R 233 926 228,44 K

shdocvw.dll Thu 10 Mar 2005 10:04:12 A.... 1 483 776 1,41 M

shell32.dll Tue 1 Mar 2005 1:12:24 A.... 8 506 368 8,11 M

shlwapi.dll Thu 10 Mar 2005 10:04:12 A.... 474 112 463,00 K

spmsg.dll Thu 24 Feb 2005 19:35:26 ..... 15 072 14,72 K

unicows.dll Fri 25 Mar 2005 23:58:12 A.... 245 408 239,66 K

urlmon.dll Thu 10 Mar 2005 10:04:14 A.... 605 696 591,50 K

user32.dll Wed 2 Mar 2005 20:10:36 A.... 578 048 564,50 K

utnp.dll Sun 17 Apr 2005 11:02:38 ..... 234 197 228,71 K

vxblock.dll Tue 15 Mar 2005 21:49:38 ..... 28 672 28,00 K

wansrv.dll Mon 11 Apr 2005 15:47:56 ..S.R 235 295 229,78 K

wep.dll Sun 17 Apr 2005 18:14:16 A.... 75 264 73,50 K

wininet.dll Thu 10 Mar 2005 10:04:14 A.... 660 992 645,50 K

winphk.dll Sun 17 Apr 2005 18:14:16 A.... 11 776 11,50 K

winsrv.dll Wed 2 Mar 2005 20:10:36 A.... 291 840 285,00 K

xprt3.dll Fri 25 Mar 2005 23:58:50 A.... 172 032 168,00 K

xprt4.dll Fri 25 Mar 2005 23:59:04 A.... 81 920 80,00 K

 

121 items found: 121 files (13 H/S), 0 directories.

Total of file sizes: 63 974 844 bytes 61,01 M

Locate .tmp files:

 

No matches found.

**********************************************************************************

Directory Listing of system files:

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est E072-D6FD

 

R‚pertoire de C:\WINDOWS\System32

 

17/04/2005 18:13 235ÿ008 kmdycl.dll

17/04/2005 18:13 232ÿ966 ir84l5lq1.dll

17/04/2005 17:47 235ÿ008 i6nm0g51e6.dll

17/04/2005 11:04 234ÿ540 bdowser.dll

17/04/2005 10:54 233ÿ926 screamci.dll

17/04/2005 10:52 232ÿ927 mhvcp70.dll

15/04/2005 08:48 233ÿ013 o8pqli7518.dll

14/04/2005 18:24 234ÿ956 hr6205joe.dll

14/04/2005 18:16 235ÿ985 n4r2le9o1h.dll

14/04/2005 09:08 <REP> dllcache

12/04/2005 08:29 232ÿ755 i260lcjm1foa.dll

11/04/2005 16:21 235ÿ903 g6400ghme64a0.dll

11/04/2005 15:47 235ÿ295 wansrv.dll

11/04/2005 15:21 233ÿ037 k626lgfs1626.dll

09/03/2005 15:57 7ÿ308 KGyGaAvL.sys

09/03/2005 15:39 56 0857413B79.sys

10/11/2004 13:35 <REP> Microsoft

06/09/2004 13:56 204ÿ800 archlib.dll

16 fichier(s) 3ÿ257ÿ483 octets

2 R‚p(s) 6ÿ976ÿ778ÿ240 octets libres

[queruak]

Rebonsoir,

 

Ferme tes travaux en cours car il va y avoir un reboot.

 

Maintenant,, tu reprends l2mfix.bat, tu choisis l'option 2 (+entrée)

et n'importe quelle touche pour le reboot.

 

Il va travailler. Et pareil, ensuite, délivrer un log

Copie/colle ce log ici, ainsi qu'un nouveau rapport HijackThis.

[nebuchad34]

Le log délivrépar L2Mfix :

 

L2Mfix 1.03

 

Running From:

C:\DOCUME~1\NEBUCH~1\Bureau\l2mfix

 

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de'>http://www.heysoft.de'>http://www.heysoft.de'>http://www.heysoft.de'>http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(NI) ALLOW Full access AUTORITE NT\SYSTEM

(IO) ALLOW Full access AUTORITE NT\SYSTEM

(NI) ALLOW Full access AUTORITE NT\SYSTEM

(IO) ALLOW Full access AUTORITE NT\SYSTEM

(ID-NI) ALLOW Read BUILTIN\Utilisateurs

(ID-IO) ALLOW Read BUILTIN\Utilisateurs

(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-NI) ALLOW Full access BUILTIN\Administrateurs

(ID-IO) ALLOW Full access BUILTIN\Administrateurs

(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM

(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM

(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

 

 

 

Setting registry permissions:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

 

Denying C(CI) access for predefined group "Administrators"

- adding new ACCESS DENY entry

 

 

Registry Permissions set too:

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(CI) DENY --C------- BUILTIN\Administrateurs

(NI) ALLOW Full access AUTORITE NT\SYSTEM

(IO) ALLOW Full access AUTORITE NT\SYSTEM

(NI) ALLOW Full access AUTORITE NT\SYSTEM

(IO) ALLOW Full access AUTORITE NT\SYSTEM

(ID-NI) ALLOW Read BUILTIN\Utilisateurs

(ID-IO) ALLOW Read BUILTIN\Utilisateurs

(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-NI) ALLOW Full access BUILTIN\Administrateurs

(ID-IO) ALLOW Full access BUILTIN\Administrateurs

(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM

(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM

(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

 

 

 

Setting up for Reboot

 

 

Starting Reboot!

 

C:\Documents and Settings\Nebuchad34\Bureau\l2mfix

System Rebooted!

 

Running From:

C:\Documents and Settings\Nebuchad34\Bureau\l2mfix

 

killing explorer and rundll32.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 [email protected]

Killing PID 1832 'explorer.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 [email protected]

Killing PID 1924 'rundll32.exe'

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

Backing Up: C:\WINDOWS\system32\bdowser.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\g6400ghme64a0.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\hr6205joe.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\i260lcjm1foa.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\ir84l5lq1.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\k626lgfs1626.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\kmdycl.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\mhvcp70.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\n4r2le9o1h.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\o8pqli7518.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\screamci.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\utnp.dll

1 fichier(s) copi‚(s).

Backing Up: C:\WINDOWS\system32\wansrv.dll

1 fichier(s) copi‚(s).

deleting: C:\WINDOWS\system32\bdowser.dll

Successfully Deleted: C:\WINDOWS\system32\bdowser.dll

deleting: C:\WINDOWS\system32\g6400ghme64a0.dll

Successfully Deleted: C:\WINDOWS\system32\g6400ghme64a0.dll

deleting: C:\WINDOWS\system32\hr6205joe.dll

Successfully Deleted: C:\WINDOWS\system32\hr6205joe.dll

deleting: C:\WINDOWS\system32\i260lcjm1foa.dll

Successfully Deleted: C:\WINDOWS\system32\i260lcjm1foa.dll

deleting: C:\WINDOWS\system32\ir84l5lq1.dll

Successfully Deleted: C:\WINDOWS\system32\ir84l5lq1.dll

deleting: C:\WINDOWS\system32\k626lgfs1626.dll

Successfully Deleted: C:\WINDOWS\system32\k626lgfs1626.dll

deleting: C:\WINDOWS\system32\kmdycl.dll

Successfully Deleted: C:\WINDOWS\system32\kmdycl.dll

deleting: C:\WINDOWS\system32\mhvcp70.dll

Successfully Deleted: C:\WINDOWS\system32\mhvcp70.dll

deleting: C:\WINDOWS\system32\n4r2le9o1h.dll

Successfully Deleted: C:\WINDOWS\system32\n4r2le9o1h.dll

deleting: C:\WINDOWS\system32\o8pqli7518.dll

Successfully Deleted: C:\WINDOWS\system32\o8pqli7518.dll

deleting: C:\WINDOWS\system32\screamci.dll

Successfully Deleted: C:\WINDOWS\system32\screamci.dll

deleting: C:\WINDOWS\system32\utnp.dll

Successfully Deleted: C:\WINDOWS\system32\utnp.dll

deleting: C:\WINDOWS\system32\wansrv.dll

Successfully Deleted: C:\WINDOWS\system32\wansrv.dll

 

 

Zipping up files for submission:

adding: bdowser.dll (164 bytes security) (deflated 5%)

adding: g6400ghme64a0.dll (164 bytes security) (deflated 5%)

adding: hr6205joe.dll (164 bytes security) (deflated 5%)

adding: i260lcjm1foa.dll (164 bytes security) (deflated 4%)

adding: ir84l5lq1.dll (164 bytes security) (deflated 4%)

adding: k626lgfs1626.dll (164 bytes security) (deflated 4%)

adding: kmdycl.dll (164 bytes security) (deflated 5%)

adding: mhvcp70.dll (164 bytes security) (deflated 4%)

adding: n4r2le9o1h.dll (164 bytes security) (deflated 6%)

adding: o8pqli7518.dll (164 bytes security) (deflated 4%)

adding: screamci.dll (164 bytes security) (deflated 5%)

adding: utnp.dll (164 bytes security) (deflated 5%)

adding: wansrv.dll (164 bytes security) (deflated 5%)

adding: clear.reg (164 bytes security) (deflated 36%)

adding: echo.reg (164 bytes security) (deflated 9%)

adding: direct.txt (164 bytes security) (stored 0%)

adding: lo2.txt (164 bytes security) (deflated 81%)

adding: readme.txt (164 bytes security) (deflated 49%)

adding: report.txt (164 bytes security) (deflated 77%)

adding: test.txt (164 bytes security) (deflated 73%)

adding: test2.txt (164 bytes security) (deflated 16%)

adding: test3.txt (164 bytes security) (deflated 16%)

adding: test5.txt (164 bytes security) (deflated 16%)

adding: xfind.txt (164 bytes security) (deflated 66%)

adding: backregs/9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B.reg (164 bytes security) (deflated 70%)

adding: backregs/F928946F-D517-4947-BBF6-A8EE761A8204.reg (164 bytes security) (deflated 70%)

adding: backregs/shell.reg (164 bytes security) (deflated 58%)

 

Restoring Registry Permissions:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

 

Revoking access for predefined group "Administrators"

Inherited ACE can not be revoked here!

Inherited ACE can not be revoked here!

 

 

Registry permissions set too:

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(NI) ALLOW Full access AUTORITE NT\SYSTEM

(IO) ALLOW Full access AUTORITE NT\SYSTEM

(NI) ALLOW Full access AUTORITE NT\SYSTEM

(IO) ALLOW Full access AUTORITE NT\SYSTEM

(ID-NI) ALLOW Read BUILTIN\Utilisateurs

(ID-IO) ALLOW Read BUILTIN\Utilisateurs

(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir

(ID-NI) ALLOW Full access BUILTIN\Administrateurs

(ID-IO) ALLOW Full access BUILTIN\Administrateurs

(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM

(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM

(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

 

 

Restoring Sedebugprivilege:

 

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

 

deleting local copy: bdowser.dll

deleting local copy: g6400ghme64a0.dll

deleting local copy: hr6205joe.dll

deleting local copy: i260lcjm1foa.dll

deleting local copy: ir84l5lq1.dll

deleting local copy: k626lgfs1626.dll

deleting local copy: kmdycl.dll

deleting local copy: mhvcp70.dll

deleting local copy: n4r2le9o1h.dll

deleting local copy: o8pqli7518.dll

deleting local copy: screamci.dll

deleting local copy: utnp.dll

deleting local copy: wansrv.dll

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

 

The following are the files found:

****************************************************************************

C:\WINDOWS\system32\bdowser.dll

C:\WINDOWS\system32\g6400ghme64a0.dll

C:\WINDOWS\system32\hr6205joe.dll

C:\WINDOWS\system32\i260lcjm1foa.dll

C:\WINDOWS\system32\ir84l5lq1.dll

C:\WINDOWS\system32\k626lgfs1626.dll

C:\WINDOWS\system32\kmdycl.dll

C:\WINDOWS\system32\mhvcp70.dll

C:\WINDOWS\system32\n4r2le9o1h.dll

C:\WINDOWS\system32\o8pqli7518.dll

C:\WINDOWS\system32\screamci.dll

C:\WINDOWS\system32\utnp.dll

C:\WINDOWS\system32\wansrv.dll

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B}"=-

"{F928946F-D517-4947-BBF6-A8EE761A8204}"=-

[-HKEY_CLASSES_ROOT\CLSID\{9AA0BBD8-AF7B-4C3B-B348-32EA2AB0A34B}]

[-HKEY_CLASSES_ROOT\CLSID\{F928946F-D517-4947-BBF6-A8EE761A8204}]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"SV1"=""

****************************************************************************

Desktop.ini Contents:

****************************************************************************

****************************************************************************

[nebuchad34]

et voilà le log de Hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 18:41:20, on 17/04/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\progra~1\softwin\bitdef~1\bdmcon.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\Softwin\BitDefender8\bdswitch.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\WinPLOSION\WinPlosion.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\wfxload.exe

C:\Program Files\Internet Download Manager\idman.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Trillian\trillian.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

G:\Programmes (boot)\AveDesk\AveDesk.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

F2 - REG:system.ini: Shell=C:\WINDOWS\EXPLORER.EXE

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [bDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe

O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Deamon Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [WinPLOSION] "C:\Program Files\WinPLOSION\WinPlosion.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WindowFX] C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\idman.exe /onboot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: AveDesk.lnk = G:\Programmes (boot)\AveDesk\AveDesk.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[queruak]

Rebonsoir,

 

nebuchad,

 

Le rapport est propre plus de lignes020 !!!

 

Ou en es tu avec tes problemes ?

 

Sinon je continue.lol

Modifié le 17 avril 2005 par queruak

[nebuchad34]

bon je ne m'exite pa strop vite mais pour l'instant (depuis el dernier reboot après la manip) je n'ai pas eu de pages bizaroïd qui se chargeent. mais je reste sur mes gardes, hier j'ai eu cette expérience, rien pendant presque une demi-heure et puis : spotresults (comme pour me narguer )

[queruak]

Re,

 

-Télécharge Ad-aware(on aura peut etre à l'utiliser plus tard)

http://www.lavasoft.de/support/download/#free ;

mets bien à jour ;

 

-Fais ceci:

Démarrer / Exécuter / tape CleanMgr et clique sur OK / OK pour accepter l'examen du disque C: / coche toutes les cases et clique sur OK / OK pour confirmer la suppression des fichiers inutiles

[nebuchad34]

bon apparemment c'est bon. Mais là il faut que j'y aille. je vous tiens au courant dès demain.