About blank problem in Mozilla Firefox

riviere -  
Hello, could you please be so kind as to help me? I recently had 7 Trojan horses and a lot of infected files. Since then I can no longer use Mozilla Firefox, because when I open the page it stays blank. From what I have read on your site, this is an about blank problem; in fact, in my Firefox page information the URL is about blank. So I ran a HijackThis scan, and BHO lines appear in it. I don't know whether there are lines that lead to paid sites, and I don't know how to remove the lines.
Thank you for helping me. My HijackThis scan is attached.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:07:52, on 14/06/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\MICROA~1\SÉCURI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sanchez\Local Settings\Temporary Internet Files\Content.IE5\4T2B85Q7\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://start.mozilla.org/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\MICROA~1\SÉCURI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [333] C:\Syswm1f\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [50] C:\SysAd5C\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [4] C:\SysWsj4\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [66] C:\SysDayN5\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Anti-Hacker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: 4C74676 - Unknown owner - C:\WINDOWS\System32\4C74676.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kavsvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Publication World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\System32\inetsrv\inetinfo.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
17 replies

Anonymous user
 
Hello

Not very clean ;-)

Download ComboScan to your Desktop.
---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all running applications: antivirus, firewall, etc.
Double-click comboscan.exe. In the window that appears, click OK.
Be patient ..
The Comboscan.txt report will be displayed; copy and paste the contents of this file here.
Note: there may be two or three reports; please post them all here.
0
riviere
 
Thank you for your reply; here are the results of the scan.


Deckard's System Scanner v20070611.50
Run by Sanchez on 2007-06-14 at 20:20:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
109: 2007-06-14 18:20:14 UTC - RP121 - Deckard's System Scanner Restore Point
108: 2007-06-14 05:11:14 UTC - RP120 - Software Distribution Service 2.0
107: 2007-06-14 05:05:54 UTC - RP119 - Opération de restauration
106: 2007-06-14 04:56:56 UTC - RP118 - Opération de restauration
105: 2007-06-14 04:32:47 UTC - RP117 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-03-17 12:25:47 UTC - RP13 - Point de vérification système


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Sanchez.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:21:59, on 14/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\MICROA~1\SÉCURI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sanchez\Local Settings\Temporary Internet Files\Content.IE5\KLMW61TR\dss[1].exe
C:\PROGRA~1\HIJACK~1\Sanchez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://start.mozilla.org/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\MICROA~1\SÉCURI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [drmpbdu] c:\windows\system32\drmpbdu.exe drmpbdu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Anti-Hacker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 4C74676 - Unknown owner - C:\WINDOWS\System32\4C74676.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kavsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


-- File Associations -----------------------------------------------------------

[COLOR=red].bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153[/COLOR]
[COLOR=red].com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2[/COLOR]
[COLOR=red].hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23[/COLOR]
[COLOR=red].ini - inifile - DefaultIcon - shell32.dll,-151[/COLOR]
[COLOR=red].reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1[/COLOR]
[COLOR=red].txt - txtfile - DefaultIcon - shell32.dll,-152[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Klpf - c:\windows\system32\drivers\klpf.sys <Not Verified; KL; KL klpf>
R0 Klpid - c:\windows\system32\drivers\klpid.sys <Not Verified; KL; KL klpid>
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 USB-100 (Realtek RTL8150 USB 10/100 Fast Ethernet Adapter) - c:\windows\system32\drivers\rtl8150.sys <Not Verified; Realtek; Realtek 8150-series USB NIC>
S4 poof - c:\windows\system32\poof (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 4C74676 - c:\windows\system32\4c74676.exe -service (file missing)
S2 kavsvc (Anti-Virus Service) - "c:\program files\micro application\sécurité internet\anti-virus perso & pro\anti-virus\kavsvc.exe" <Not Verified; Kaspersky Labs Ltd.; Anti-Virus Personal>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-14 20:00:02 258 --a------ C:\WINDOWS\Tasks\Rappel d'expiration de la désinstallation.job
2007-06-08 20:25:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-06-06 19:00:02 502 --a------ C:\WINDOWS\Tasks\Démarrage du programme de réglages.job


-- Files created between 2007-05-14 and 2007-06-14 -----------------------------

2007-06-14 16:26:41 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Talkback
2007-06-14 07:16:57 0 dr-h----- C:\Documents and Settings\Sanchez\Recent
2007-06-14 07:06:47 0 d--hs---- C:\undo
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.009
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.008
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.007
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.006
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.005
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.004
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.003
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.002
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.001
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.000
2007-06-14 06:31:31 335 --a------ C:\WINDOWS\mozregistry.dat
2007-06-13 15:57:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-06-13 15:55:12 3145728 --a------ C:\Documents and Settings\Sanchez\ntuser.dat
2007-06-13 00:58:20 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-06-12 21:51:57 0 d-------- C:\Program Files\Fichiers communs\DriveCleaner Free
2007-06-12 21:50:35 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-06-12 21:48:29 153088 --a------ C:\WINDOWS\System32\UNRAR3.dll
2007-06-12 21:48:28 0 d-------- C:\Program Files\Trojan Remover
2007-06-12 21:48:28 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Simply Super Software
2007-06-12 21:45:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-12 21:43:36 0 d-------- C:\Program Files\Alice
2007-06-11 20:11:20 30720 --a------ C:\WINDOWS\System32\poof.ren
2007-06-11 20:08:12 0 d--hs---- C:\FOUND.020
2007-06-03 16:49:16 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-06-01 20:03:18 0 d--hs---- C:\FOUND.019
2007-05-28 11:28:30 0 d--hs---- C:\FOUND.018
2007-05-16 17:50:54 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Apple Computer
2007-05-16 17:46:10 0 d-------- C:\Program Files\QuickTime
2007-05-16 17:43:09 0 d-------- C:\Program Files\Apple Software Update
2007-05-16 17:40:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2007-05-06 16:14:32 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Sun
2007-04-14 17:37:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-04-14 17:37:08 0 d-------- C:\Documents and Settings\Sanchez\Application Data\SUPERAntiSpyware.com
2007-04-14 17:36:24 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-04-03 22:45:12 1289 --a------ C:\WINDOWS\mozver.dat
2007-04-01 16:01:20 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-03-25 16:32:00 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-21 16:53:20 1 --a------ C:\WINDOWS\System32\index.dat
2007-03-20 19:31:40 32768 ---h----- C:\WINDOWS\$NtUninstallKB824151$


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"KAVPersonal50"="\"C:\\Program Files\\Micro Application\\Sécurité Internet\\Anti-Virus Perso & Pro\\Anti-Virus\\kav.exe\" /minimize"
"OESpamTest"="C:\\PROGRA~1\\MICROA~1\\SÉCURI~1\\ANTI-V~1\\ANTI-S~1\\OESpamTest.ExE"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"drmpbdu"="c:\\windows\\system32\\drmpbdu.exe drmpbdu"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"333"="C:\\Syswm1f\\svchost.exe"
"50"="C:\\SysAd5C\\svchost.exe"
"4"="C:\\SysWsj4\\svchost.exe"
"66"="C:\\SysDayN5\\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
0
riviere
 
Hi, I think I did what you asked in your message 16, and yet I have had no further reply from you. Did I make a mistake?
On top of that, my PC is getting worse: ad pages systematically open and the internet closes by itself.
Could you be so kind as to reply to me, please? Thank you for your help.
0
riviere
 
Re: thank you for your reply, but I have a small problem with the address you gave me for the download, because it tells me the page cannot be displayed.
0
Anonymous user
 
OK, do this and only afterwards try to download it again:

¤ Click Start, My Computer, C:, then find and delete these folders:

C:\Syswm1f
C:\SysAd5C
C:\SysWsj4
C:\SysDayN5

¤ Click Start, My Computer, C:, Windows, system32, then find and delete, if present:

C:\WINDOWS\System32\4C74676.EXE

**If a file/folder cannot be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears choose "Safe Mode" and wait a little..
Then delete the files/folders, empty your Recycle Bin and restart your PC normally.

¤ Click "Start", "Run", type: services.msc
Find the lines below in the list, right-click each one, choose "Properties" and set them to "Disabled"

- Google Updater Service
- 4C74676

Restart your PC, then try again to download the file I asked you for
0
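Two patterns stand out in the log lines posted in this thread: startup entries that launch `svchost.exe` from a folder other than `C:\WINDOWS\System32`, and entries whose file is reported as missing. The following Python triage is an added example, not part of the original thread and not code from HijackThis or Deckard's System Scanner; the sample lines are copied from the log above, while `SYSTEM_ROOT`, the list of system process names and the rule names are assumptions made for the illustration.

```python
import ntpath
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [333] C:\Syswm1f\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [50] C:\SysAd5C\svchost.exe
O23 - Service: 4C74676 - Unknown owner - C:\WINDOWS\System32\4C74676.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
SYSTEM_ROOT = r"c:\windows"

# Assumption: a short list of core process names and the only folder each
# one is expected to run from (compared in lower case).
EXPECTED_DIR = {
    name: SYSTEM_ROOT + r"\system32"
    for name in ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe")
}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT

# "O4 - <registry location>: [value name] <command line>"
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, quoted or unquoted.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)', re.I)
# HijackThis marks entries whose target file no longer exists.
DANGLING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def triage(log_text):
    """Return (rule, log line) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # Rule 1: BHO or service registered, but its file is gone.
        if line.startswith(("O2 ", "O23 ")) and DANGLING_RE.search(line):
            findings.append(("dangling-entry", line))
            continue
        # Rule 2: autostart entry using a system process name from the wrong folder.
        entry = O4_RE.match(line)
        if not entry:
            continue
        exe = EXE_RE.match(entry["cmd"])
        if not exe:
            continue
        path = ntpath.normcase(ntpath.normpath(exe.group(1) or exe.group(2)))
        expected = EXPECTED_DIR.get(ntpath.basename(path))
        if expected and ntpath.dirname(path) != expected:
            findings.append(("system-name-outside-system-dir", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule}: {line}")
```

A hit is a lead for review, not a verdict: dangling entries are often leftovers of software that was already removed.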
riviere
 
Thanks again for your help
Sanchez [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /UNINSTALL /PROMPT
--> C:\PROGRA~1\CLUB-I~1\DRCLUB~1\Uninstall.exe TONLFR
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Anti-Hacker --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Hacker\uninstall.exe"
Anti-Spam --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Spam\uninstall.exe"
Anti-Virus --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\uninstall.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Barre d'outils MSN --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Configurateur Modem --> "C:\Program Files\Club-Internet\Assistance\ConfModem\uninstall.exe"
Correctif Windows XP - KB842773 --> C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Docteur Club Internet --> C:\WINDOWS\Motive\TONLFR\MCCUninst.exe
Désinstallation de Windows XP --> %SYSTEMROOT%\system32\osuninst.exe
Gnumeric Spreadsheet (With Gtk+ 2.10.6) 1.7.6-win32-1 --> C:\Gnumeric\uninst.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Kit de Connexion Alice ADSL --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A0221AD-D30B-4320-8F9B-1D0F0E6C6843}\setup.exe" -l0x40c ControlPanel
Language pack for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\INSTALL.LOG
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-06-14 at 20:23:02 ---------
0
Anonymous user
 
Are you sure you did what I asked in my last message?

- Deleting the folders
- Stopping the services I pointed out
- Also, Comboscan is in the wrong location and the security software was not stopped.

Do exactly what I ask, or if need be ask someone else to help you. Besides, if I ask you to put this file on your desktop or to stop a service, it is not to annoy you ..
0
riviere
 
No, sorry, I had not removed the files, because the download worked before I received your message, so I ran the scan and sent you the message. Sorry again. I did quit the antivirus and ZoneAlarm, though; do I need to uninstall them and run the scan again?
Sorry again, and thank you for your help.
0
riviere
 
OK thanks, I understand that I have to go through Start, Control Panel, then the C drive, but I can't see the files to delete. Could you please tell me the path? And no problem, I will do what you tell me. Thanks again for your help.
0
riviere
 
I managed to open the local services to disable what you asked, but I sent you the scan before that. Do you still want me to disable them? Thank you for your help
0

Anonymous user
 
No, do not uninstall them; stopping them is enough.

Delete the folders and stop the services I pointed out, then post a new comboscan report, please
0
Anonymous user
 
No, why go through the Control Panel?!

Do this:

¤ To show all hidden files and folders:

Click "Start", "Control Panel", "Tools", "Folder Options", "View"

Check:
- Show hidden files and folders
- Click "Apply" then "OK"
----------------------------------------------------------

Then:

¤ Click Start, My Computer, C:, then find and delete these folders:

C:\Syswm1f
C:\SysAd5C
C:\SysWsj4
C:\SysDayN5

0
riviere
 
Sorry, I did everything you told me but I can't find the folders you asked me to delete; they don't appear. I did set the option to show hidden files and folders, but I can't find them. Sorry, I'm hopeless, but a beginner. What can I do?
0
Anonymous user
 
No problem!

Now do this; if you have already done it, then post a new comboscan report

¤ Click "Start", "Run", type: services.msc
Find the lines below in the list, right-click each one, choose "Properties" and set them to "Disabled"

- Google Updater Service
- 4C74676
0
riviere
 
Here is the requested scan, but I did not manage to do the rest, because it just flashes: something appears in the taskbar and disappears right away. I will try again anyway. Thank you for your help

Deckard's System Scanner v20070611.50
Run by Sanchez on 2007-06-14 at 22:06:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sanchez.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:06:19, on 14/06/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\MICROA~1\SÉCURI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sanchez\Local Settings\Temporary Internet Files\Content.IE5\KLMW61TR\dss[1].exe
C:\PROGRA~1\HIJACK~1\Sanchez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://start.mozilla.org/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\MICROA~1\SÉCURI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Anti-Hacker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 4C74676 - Unknown owner - C:\WINDOWS\System32\4C74676.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kavsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


-- Files created between 2007-05-14 and 2007-06-14 -----------------------------

2007-06-14 16:26:41 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Talkback
2007-06-14 07:16:57 0 dr-h----- C:\Documents and Settings\Sanchez\Recent
2007-06-14 07:06:47 0 d--hs---- C:\undo
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.009
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.008
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.007
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.006
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.005
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.004
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.003
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.002
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.001
2007-06-14 07:06:47 0 d--hs---- C:\FOUND.000
2007-06-14 06:31:31 335 --a------ C:\WINDOWS\mozregistry.dat
2007-06-13 15:57:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-06-13 15:55:12 3145728 --a------ C:\Documents and Settings\Sanchez\ntuser.dat
2007-06-13 00:58:20 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-06-12 21:51:57 0 d-------- C:\Program Files\Fichiers communs\DriveCleaner Free
2007-06-12 21:50:35 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-06-12 21:48:29 153088 --a------ C:\WINDOWS\System32\UNRAR3.dll
2007-06-12 21:48:28 0 d-------- C:\Program Files\Trojan Remover
2007-06-12 21:48:28 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Simply Super Software
2007-06-12 21:45:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-12 21:43:36 0 d-------- C:\Program Files\Alice
2007-06-11 20:11:20 30720 --a------ C:\WINDOWS\System32\poof.ren
2007-06-11 20:08:12 0 d--hs---- C:\FOUND.020
2007-06-03 16:49:16 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-06-01 20:03:18 0 d--hs---- C:\FOUND.019
2007-05-28 11:28:30 0 d--hs---- C:\FOUND.018
2007-05-16 17:50:54 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Apple Computer
2007-05-16 17:46:10 0 d-------- C:\Program Files\QuickTime
2007-05-16 17:43:09 0 d-------- C:\Program Files\Apple Software Update
2007-05-16 17:40:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2007-05-06 16:14:32 0 d-------- C:\Documents and Settings\Sanchez\Application Data\Sun
2007-04-14 17:37:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-04-14 17:37:08 0 d-------- C:\Documents and Settings\Sanchez\Application Data\SUPERAntiSpyware.com
2007-04-14 17:36:24 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-04-03 22:45:12 1289 --a------ C:\WINDOWS\mozver.dat
2007-04-01 16:01:20 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-03-25 16:32:00 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-21 16:53:20 1 --a------ C:\WINDOWS\System32\index.dat
2007-03-20 19:31:40 32768 ---h----- C:\WINDOWS\$NtUninstallKB824151$


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"KAVPersonal50"="\"C:\\Program Files\\Micro Application\\Sécurité Internet\\Anti-Virus Perso & Pro\\Anti-Virus\\kav.exe\" /minimize"
"OESpamTest"="C:\\PROGRA~1\\MICROA~1\\SÉCURI~1\\ANTI-V~1\\ANTI-S~1\\OESpamTest.ExE"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"drmpbdu"="c:\\windows\\system32\\drmpbdu.exe drmpbdu"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"333"="C:\\Syswm1f\\svchost.exe"
"50"="C:\\SysAd5C\\svchost.exe"
"4"="C:\\SysWsj4\\svchost.exe"
"66"="C:\\SysDayN5\\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of Deckard's System Scanner: finished at 2007-06-14 at 22:06:54 ---------
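A triage pass over the kind of log posted above, as an added example (not part of the thread, and not code from HijackThis or Deckard's System Scanner). It flags entries whose target file is missing and Run-key values that use a Windows system process name from a folder other than System32, which matches the service and the folders the helper asks to disable or delete. The function names and the SYSTEM_NAMES list are this example's own, the sample lines are excerpted from the log in this thread, and %SystemRoot% is assumed to be C:\WINDOWS.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\WINDOWS, as in the thread's logs.
SYSTEM32 = r"c:\windows\system32"
# Process names that normally run only from System32 on Windows XP.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "spoolsv.exe"}

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')

# Lines excerpted from the log posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: 4C74676 - Unknown owner - C:\WINDOWS\System32\4C74676.EXE (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"333"="C:\\Syswm1f\\svchost.exe"
"50"="C:\\SysAd5C\\svchost.exe"
"4"="C:\\SysWsj4\\svchost.exe"
"66"="C:\\SysDayN5\\svchost.exe"
'''


def command_path(data):
    """Return the executable path from a Run-style value in regedit export form."""
    # Undo regedit escaping: \\ becomes \ and \" becomes ".
    data = re.sub(r"\\(.)", r"\1", data).strip()
    if data.startswith('"'):
        # Quoted command: the path is everything up to the closing quote.
        return data[1:].split('"', 1)[0]
    # Unquoted command: stop at the first executable extension, so paths
    # containing spaces ("Program Files") are kept whole and arguments dropped.
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", data)
    return m.group(1) if m else data


def triage(log_text):
    """Return (kind, where, detail) tuples for entries that deserve a closer look."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = REG_VALUE.match(line)
        if m:
            # Only autostart keys (…\run) are checked for misplaced system names.
            if key and key.endswith("\\run"):
                path = command_path(m.group("data"))
                name = ntpath.basename(path).lower()
                folder = ntpath.normpath(ntpath.dirname(path)).lower()
                if name in SYSTEM_NAMES and folder != SYSTEM32:
                    findings.append(("system-name-wrong-folder", key, path))
            continue
        m = HJT_LINE.match(line)
        if m:
            body = m.group("body")
            # HijackThis marks registrations whose file it could not find.
            if body.endswith("(no file)") or body.endswith("(file missing)"):
                findings.append(("target-missing", m.group("code"), body))
    return findings


if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {where}\n    {detail}")
```

A finding here is a prompt for review, not a verdict: an orphaned registration may simply be left over from an uninstalled program.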
0
Anonymous user
 
OK, very good:

- Click Start, My Computer, C:, Program Files, Fichiers communs, then find and delete this folder:

- DriveCleaner Free

Download this file, double-click it and accept the merge into the registry; it is there to fix some junk that is in the registry.
----> https://www.cjoint.com/?goxpOxx3d2

¤ Download this program, then double-click it (close your antivirus if it detects anything)
--> http://www.suspectfile.com/systemscan/

* Tick only these boxes and untick everything else:

- Recent Files, 30 days
- Registry Run Key
- Loaded modules
- Hidden objects
- Suspicious files

Then click Scan Now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete; create two messages if needed.
0
riviere
 
OK, thanks. I managed to find and delete DriveCleaner Free. I did the first download you pointed me to; it just told me that it was saved in the registry. Is that normal? Then I did the second download you pointed me to; the scan is in progress and I'll send it as soon as it is finished. Thanks for your help.
0
riviere
 
Sorry to bother you, but I wanted to know whether or not I needed to disable what you had asked me to before running the scan from the second download you told me to do. Thanks for your help.
0
riviere
 
Hello, I find it odd: the scan you asked for has been done, but there isn't much in the results. Is that normal? Look:

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 07:23:34
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...
0
riviere
 
I'm replying to your message <16>; I think there is a small problem with the scan result. Here is what it gives me. Is that normal?

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 17:09:17
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...
0
Anonymous user
 
Yes, it is normal for it to be saved in the registry; it means it has been taken into account.

Yes, disable the service I pointed out to you; as for your antivirus and firewall, you can turn them back on, no problem!
0
riviere
 
Hello, I did try to disable them but I can't: when I right-click on them everything is greyed out except Restart. So what should I do?
0
Anonymous user
 
Do what I asked you in message <16> and continue your reply at the end of the message; nobody can follow anything here.
0
Anonymous user
 
No! In my message 16 I am asking you to run a program; it has nothing to do with gmer :-/
0
riviere
 
[Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe"
"KAVPersonal50"="\"C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe\" /minimize"
"OESpamTest"="C:\PROGRA~1\MICROA~1\SÉCURI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE"
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe"
"ZoneAlarm Client"="\"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"drmpbdu"="c:\windows\system32\drmpbdu.exe drmpbdu"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe"
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
#### HKCR\CLSID\{e57ce738-33e8-4c51-8354-bb4de9d215d1}\InprocServer32 @="C:\WINDOWS\System32\upnpui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
#### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personnalisation de Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\!SASWinLogon]
"DllName"="C:\Program Files\SUPERAntiSpyware\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\PrevOsVersion]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="0"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
#### HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\InprocServer32 @="C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

-----HKCU\Control Panel\Desktop\-----

[desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\ssstars.scr"

[desktop\ResourceLocale]

[desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\System32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:0000022c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Data]
@Class="1c59d534"
"Pattern"=hex:32,13,40,d2,4b,41,bb,95,1e,b6,cf,30,91,d8,82,98,31,63,35,39,64,\
35,33,34,00,67,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,5a,45,3c,8c

[Lsa\GBG]
@Class="5af1e892"
"GrafBlumGroup"=hex:57,66,a0,06,58,23,cb,cb,6c

[Lsa\JD]
@Class="fa7b8cea"
"Lookup"=hex:c9,b4,47,89,3e,a4

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="iissuba"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="3c45c6c1"
"SkewMatrix"=hex:a6,f7,ee,8b,a9,42,5b,d4,19,ca,cf,a6,00,95,32,40

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:e0,d2,af,70,ac,61,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,e0,8c,f6,b8,2f,c1,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,8c,f6,b8,2f,c1,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,e0,8c,f6,b8,2f,c1,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS)"
"DependOnService"=multi:"Netman\00NLA\00RasMan\00ALG\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"EnableDCOM"="Y"
"EnableRemoteConnect"="N"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{2E85A16F-9FC7-4B38-9445-06D25E25B2F7}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
"BaseClass"="Drive"

[MountPoints2\{1b7d06c1-ca4e-11db-86b2-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{1b7d06c3-ca4e-11db-86b2-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,df,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,20,00,00,00,00,\
00,00,00

[MountPoints2\{1b7d06c4-ca4e-11db-86b2-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,df,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,e0,00,00,00,00,\
00,00,00

[MountPoints2\{1b7d06c5-ca4e-11db-86b2-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{303be920-d949-11db-86e4-00e04c030aa9}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
01,01,00,5f,cf,cf,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,00,10,00,00,08,\
00,00,00
[MountPoints2\{e688af20-e54e-11db-8710-00163856adb5}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{e688af20-e54e-11db-8710-00163856adb5}\shell]
@="None"

[MountPoints2\{e688af20-e54e-11db-8710-00163856adb5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{e688af20-e54e-11db-8710-00163856adb5}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{e688af21-e54e-11db-8710-00163856adb5}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{e688af21-e54e-11db-8710-00163856adb5}\shell]
@="None"

[MountPoints2\{e688af21-e54e-11db-8710-00163856adb5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{e688af21-e54e-11db-8710-00163856adb5}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\MmoptPreferredAudioDevices]
"@="Installation de Windows - Multimédia"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="IEJAVA"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\SYSTEM32\MACROMED\DIRECTOR\SWDIR.DLL"
"@="Macromedia Shockwave Director 7.0.0"
"ComponentID"="Director"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\System32\msdxm.ocx"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\System32\msdxm.ocx"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT"
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{280ad020-daec-11d2-83c7-0000f8051539}]
"@="Mise à jour pour les processeurs d'ordinateurs portables"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\System32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"@="Macromedia Shockwave Director 7.0.0"
"ComponentID"="Director"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{34718640-ecfa-11d2-b5da-00a0c90833e8}]
"@="Windows 98 Deuxième Édition"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Logiciel de navigation hors connexion"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015D}]
"@="DirectX"
"ComponentID"="DirectXMini"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Aide sur Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{47f67d00-9e55-11d1-baef-00c04fc2d130}]
"@="Fichiers de prise en charge de AOL"
"ComponentID"="AOLSUPP"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{50daafc0-e217-11d2-83c7-0000f8051539}]
"@="Correction continue des opérations Windows"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"@="Windows Messenger 4.0"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
"@="Internet Connection Wizard"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Outils d'installation Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Améliorations pour la navigation"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\System32\wmp.ocx"
"@="Microsoft Windows Media Player 8"
"ComponentID"="Microsoft Windows Media Player 8"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="Accès au site MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{893c7200-9dd-11d2-b0d6-00c04f777f0c}]
"@="Mise à jour des bibliothèques Microsoft"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
"@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Liaison de données Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
"@="Fax Provider"
"ComponentID"="Fax Provider"
"StubPath"=""

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
"@="Accès Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"rundll32 iesetup.dll,IEAccessUserInst"

[Installed Components\{b59c7da0-daea-11d2-83c7-0000f8051539}]
"@="Mise à jour de l'Assistant Inscription"

[Installed Components\{B9A1063C-F9CC-11D1-8E01-0020AFE53FCF}]
"@="Mise à jour Active accessibility"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Polices de base Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}]
"@="Paramètres de gestion de l'alimentation"
"StubPath"="RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="Aide HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E5925FA0-73D1-11D2-BCC5-0000F83002C6}]
"@="Correctifs An 2000 pour Windows 98"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {6CA1C0AF-6945-4DA1-8ED7-4053A87B9809} REG_BINARY 06000000000000000400000000000000D2E77246C0A8010103000000000000000400000000000000D2E77246C0A8010101000000000000000400000000000000D2E77246FFFFFF0036000000000000000400000000000000D2E77246C0A8010135000000000000000100000000000000D2E7724605000000330000000000000004000000000000009E2A744600015180
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {6CA1C0AF-6945-4DA1-8ED7-4053A87B9809} REG_BINARY 060000000000000004000000000000009E2A7446C0A80101030000000000000004000000000000009E2A7446C0A80101010000000000000004000000000000009E2A7446FFFFFF00330000000000000004000000000000009E2A744600015180360000000000000004000000000000009E2A7446C0A80101350000000000000001000000000000009E2A744605000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Microsoft H.323 Telephony Service Provider
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Kl1 InData REG_BINARY 96731C0000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Kl1 InData REG_BINARY 9404000000000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Kl1 OutData REG_BINARY C363050000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Kl1 OutData REG_BINARY 2201000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\srescan\Parameters\Loaded

Result compared: Different


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


===================== loaded Dlls =====================

*** NOTE *** Process iesanhppba.exe belongs to SystemScan
Already known legit dlls are not shown

------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>
------------------------------------------------------------------------------
SMSS.EXE pid: 336
Command line: \SystemRoot\System32\smss.exe

Base Size Version Path
0x48580000 0xe000 \SystemRoot\System32\smss.exe
------------------------------------------------------------------------------
CSRSS.EXE pid: 468
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Base Size Version Path
0x4a680000 0x4000 \??\C:\WINDOWS\system32\csrss.exe
0x75ad0000 0xa000 5.01.2600.0000 C:\WINDOWS\system32\CSRSRV.dll
0x75ae0000 0xe000 5.01.2600.0000 C:\WINDOWS\system32\basesrv.dll
0x75af0000 0x46000 5.01.2600.0000 C:\WINDOWS\system32\winsrv.dll
*** File timestamp: Thu Aug 23 18:43:58 2001
*** Loaded image timestamp: Thu Aug 23 18:43:59 2001
------------------------------------------------------------------------------
WINLOGON.EXE pid: 492
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe
*** File timestamp: Thu Aug 23 18:43:58 2001
*** Loaded image timestamp: Thu Aug 23 18:43:59 2001
0x76c70000 0x10000 5.01.2600.0000 C:\WINDOWS\system32\AUTHZ.dll
0x008f0000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x10000000 0x47000 1.00.0000.1030 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
------------------------------------------------------------------------------
SERVICES.EXE pid: 544
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x01000000 0x1b000 5.01.2600.0000 C:\WINDOWS\system32\services.exe
*** File timestamp: Thu Aug 23 18:43:58 2001
*** Loaded image timestamp: Thu Aug 23 18:43:59 2001
0x75860000 0x50000 5.01.2600.0000 C:\WINDOWS\system32\SCESRV.dll
0x76c70000 0x10000 5.01.2600.0000 C:\WINDOWS\system32\AUTHZ.dll
0x75840000 0x1c000 5.01.2600.0000 C:\WINDOWS\system32\umpnpmgr.dll
0x75820000 0xf000 5.01.2600.0000 C:\WINDOWS\system32\eventlog.dll
------------------------------------------------------------------------------
LSASS.EXE pid: 556
Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path
0x01000000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\lsass.exe
*** File timestamp: Thu Aug 23 18:43:58 2001
*** Loaded image timestamp: Thu Aug 23 18:43:59 2001
0x74490000 0xa8000 5.01.2600.0000 C:\WINDOWS\system32\LSASRV.dll
0x743b0000 0x6d000 5.01.2600.0000 C:\WINDOWS\system32\SAMSRV.dll
0x76730000 0xb000 5.01.2600.0000 C:\WINDOWS\system32\cryptdll.dll
0x76ed0000 0x25000 5.01.2600.0000 C:\WINDOWS\system32\DNSAPI.dll
0x76740000 0x13000 5.01.2600.0000 C:\WINDOWS\system32\NTDSAPI.dll
0x74310000 0xd000 5.01.2600.0000 C:\WINDOWS\system32\msprivs.dll
0x71c50000 0x44000 5.01.2600.0000 C:\WINDOWS\system32\kerberos.dll
0x74420000 0x63000 5.01.2600.0000 C:\WINDOWS\system32\netlogon.dll
0x76760000 0x2b000 5.01.2600.0000 C:\WINDOWS\system32\w32time.dll
0x76010000 0x61000 6.00.8972.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\system32\ATL.DLL
0x008e0000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x76790000 0x24000 5.01.2600.0000 C:\WINDOWS\system32\schannel.dll
0x742e0000 0xf000 5.01.2600.0000 C:\WINDOWS\system32\wdigest.dll
0x74370000 0x2f000 5.01.2600.0000 C:\WINDOWS\system32\scecli.dll
0x74340000 0x28000 5.01.2600.0000 C:\WINDOWS\system32\ipsecsvc.dll
0x74540000 0xb7000 5.01.2600.0000 C:\WINDOWS\system32\oakley.DLL
0x742d0000 0xa000 5.01.2600.0000 C:\WINDOWS\system32\WINIPSEC.DLL
0x74300000 0x9000 5.01.2600.0000 C:\WINDOWS\system32\pstorsvc.dll
0x71990000 0x3c000 5.01.2600.0000 C:\WINDOWS\system32\mswsock.dll
0x719d0000 0x8000 5.01.2600.0000 C:\WINDOWS\System32\wshtcpip.dll
0x74320000 0x17000 5.01.2600.0000 C:\WINDOWS\system32\psbase.dll
0x0ffa0000 0x21000 5.01.2518.0000 C:\WINDOWS\System32\dssenh.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 712
Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path
0x01000000 0x6000 5.01.2600.0000 C:\WINDOWS\system32\svchost.exe
*** File timestamp: Thu Aug 23 18:43:58 2001
*** Loaded image timestamp: Thu Aug 23 18:43:59 2001
0x71990000 0x3c000 5.01.2600.0000 C:\WINDOWS\system32\mswsock.dll
0x719d0000 0x8000 5.01.2600.0000 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x25000 5.01.2600.0000 C:\WINDOWS\system32\DNSAPI.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\system32\ATL.DLL
0x00700000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 776
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path
0x01000000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\svchost.exe
*** File timestamp: Thu Aug 23 18:43:58 2001
*** Loaded image timestamp: Thu Aug 23 18:43:59 2001

===================== Hidden Objects =====================


SCAN ABORTED: an unknown error has occurred. Please check Rootkit presence with another tool

===================== Checking Rustock rootkit =====================



===================== Checking Suspicious files =====================
(Unusually Runtime packers compressed exe and dll files in C:\, %windir%\, %windir%\system32\


==========================================
Scan completed in 2,9 minutes
End of report
0
riviere
 
Is this what you needed? I think I managed it. Here is the rest.

SystemScan - www.suspectfile.com - ver. 3.1.2

Running on: Windows XP PROFESSIONAL Edition (2600.5.1)
System directory: C:\WINDOWS

Date: 15/06/2007
Time: 20:29:32

Output limited to:
-Recent files
-Registry Run Keys
-Loaded Dlls
-Hidden objects
-Suspicious Files

===================== Recent files (30 days old)=====================

----- recent files in C:\
28/05/2007 11:28:30 (DIR) 0 byte 18 days old -- FOUND.018
28/05/2007 22:37:52 244 byte 18 days old -- sqmnoopt01.sqm
28/05/2007 22:37:52 268 byte 18 days old -- sqmdata01.sqm
29/05/2007 00:54:24 268 byte 17 days old -- sqmdata02.sqm
29/05/2007 00:54:24 244 byte 17 days old -- sqmnoopt02.sqm
01/06/2007 20:03:18 (DIR) 0 byte 14 days old -- FOUND.019
11/06/2007 20:08:12 (DIR) 0 byte 4 days old -- FOUND.020
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.007
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.006
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.005
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- undo
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.009
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.008
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.001
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.000
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.002
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.004
14/06/2007 07:06:48 (DIR) 0 byte 1 days old -- FOUND.003
14/06/2007 20:19:48 (DIR) 0 byte 1 days old -- Deckard
14/06/2007 23:46:34 (DIR) 0 byte 1 days old -- suspectfile
15/06/2007 20:23:00 503316480 byte 0 days old -- pagefile.sys

----- recent files in C:\WINDOWS\
03/06/2007 16:33:50 1120 byte 12 days old -- win.ini
03/06/2007 16:52:52 74752 byte 12 days old -- ST6UNST.EXE
03/06/2007 16:52:54 253952 byte 12 days old -- Setup1.exe
04/06/2007 19:13:42 1409 byte 11 days old -- QTFont.for
11/06/2007 10:36:36 2 byte 4 days old -- System32KBRunOnce2.t__
11/06/2007 10:36:36 0 byte 4 days old -- System32KBRunOnce2.tm_
12/06/2007 11:39:02 (DIR) 0 byte 3 days old -- Minidump
13/06/2007 00:57:14 54156 byte 2 days old -- QTFont.qfn
14/06/2007 06:31:32 335 byte 1 days old -- mozregistry.dat
14/06/2007 20:20:16 (DIR) 0 byte 1 days old -- ERDNT
15/06/2007 20:21:54 50 byte 0 days old -- wiaservc.log
15/06/2007 20:21:54 32172 byte 0 days old -- SchedLgU.Txt
15/06/2007 20:21:58 1227898 byte 0 days old -- WindowsUpdate.log
15/06/2007 20:23:02 2048 byte 0 days old -- bootstat.dat
15/06/2007 20:23:56 159 byte 0 days old -- wiadebug.log
15/06/2007 20:24:00 4344 byte 0 days old -- ModemLog_HSP56 Micromodem.txt
15/06/2007 20:24:06 0 byte 0 days old -- 0.log

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
11/06/2007 10:21:28 2184 byte 4 days old -- wpa.dbl
11/06/2007 10:28:10 13573 byte 4 days old -- KB_963493.exe.bak
11/06/2007 20:10:46 24 byte 4 days old -- KBRunOnce2.t__
11/06/2007 20:11:22 30720 byte 4 days old -- poof.ren
15/06/2007 20:24:10 336 byte 0 days old -- vsconfig.xml

----- recent files in C:\WINDOWS\system32\drivers\
17/05/2007 15:15:40 82258 byte 29 days old -- klin.sys
17/05/2007 15:15:40 82258 byte 29 days old -- klick.sys

----- recent files in C:\WINDOWS\temp\
14/06/2007 09:35:32 16384 byte 1 days old -- Perflib_Perfdata_f8.dat
14/06/2007 22:01:14 16384 byte 1 days old -- Perflib_Perfdata_180.dat
14/06/2007 22:01:18 0 byte 1 days old -- T30DebugLogFile.txt
15/06/2007 07:03:12 16384 byte 0 days old -- Perflib_Perfdata_f4.dat
15/06/2007 16:40:34 256 byte 0 days old -- ZLT00f3d.TMP
15/06/2007 16:41:04 16384 byte 0 days old -- Perflib_Perfdata_fc.dat
15/06/2007 20:23:28 256 byte 0 days old -- ZLT039d7.TMP
15/06/2007 20:23:32 256 byte 0 days old -- ZLT039e4.TMP
15/06/2007 20:23:58 16384 byte 0 days old -- Perflib_Perfdata_134.dat

----- recent files in C:\Program Files\
12/06/2007 21:43:38 (DIR) 0 byte 3 days old -- Alice
12/06/2007 21:45:04 (DIR) 0 byte 3 days old -- InstallShield Installation Information
12/06/2007 21:48:30 (DIR) 0 byte 3 days old -- Trojan Remover
13/06/2007 08:45:20 (DIR) 0 byte 2 days old -- Mozilla Firefox
14/06/2007 20:21:56 (DIR) 0 byte 1 days old -- HijackThis

----- recent files in C:\Program Files\Fichiers communs\

===================== REGISTRY SCAN =====================

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
0
Anonymous user
 
Right-click this link, choose "Save target (link) as..." and save it to your desktop.
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip (software by Il Mafioso)

Right-click navilog1.zip and choose "Extract all".
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu choose F, then choose 1 and confirm.
(Do not choose 2, 3 or 4 without my advice.)

Wait for the message:
*** Analyse Termine le ..... ***

Press a key as prompted; Notepad will open.
Copy and paste the whole report into a new message.
The report is also saved at the root of the disk (fixnavi.txt).
0
riviere
 
Thanks for your help, here are the results of the requested scan.

Search Navipromo version 2.0.3 commencé le 17/06/2007 à 0:28:00,35

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***


C:\Program Files\MessengerSkinner trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Sanchez\Application Data ***


...\Application Data\MessengerSkinner trouvé !

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\drmpbdu.exe

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\drmpbdu.exe


*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
C:\WINDOWS\system32\drmpbdu.dat trouvé !
**
C:\WINDOWS\system32\drmpbdu.dat trouvé !
***
****
C:\WINDOWS\system32\drmpbdu_navps.dat trouvé !
*****
******
*******
C:\WINDOWS\system32\ouwyfrp.exe trouvé !
********
C:\WINDOWS\system32\ouwyfrp.exe trouvé !
C:\WINDOWS\system32\fcwmyp.exe trouvé !
C:\WINDOWS\system32\oeyhksnmq.exe trouvé !
C:\WINDOWS\system32\qpdhsfzaki.exe trouvé !


*** Analyse Terminé le 17/06/2007 à 0:29:11,22 ***
0
Anonymous user > riviere
 
Don't install this program again, it's junk: MessengerSkinner


With Navilog:

Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 2 and confirm.

The fix will inform you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key as prompted.
(If your PC does not restart automatically, restart it yourself.)
When your PC restarts, choose your usual session.

Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will reappear.

If your desktop does not reappear, press CTRL+ALT+DEL at the same time to open the Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "Run".
Type explorer and confirm. That will bring your desktop back.
0
riviere > Anonymous user
 
I ran the cleanup as requested and Mozilla Firefox works now. Thank you, thank you and thank you again, you're really great. Is there anything else to do after that? Here is the Navilog1 cleanup report.


Clean Navipromo version 2.0.3 commencé le 17/06/2007 à 8:56:04,05

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


*** Creation backups fichiers trouvés par Blacklight ***

Copie vers "C:\Program Files\navilog1\Backupnavi"


*** Suppression des fichiers trouvés avec Blacklight ***

C:\windows\system32\drmpbdu.exe supprimé !

** 2ème passage **

C:\WINDOWS\system32\drmpbdu.exe absent !
C:\WINDOWS\system32\drmpbdu_navup.dat absent !
C:\WINDOWS\system32\drmpbdu_navtmp.dat absent !
C:\WINDOWS\system32\drmpbdu_m2s.xml absent !


C:\WINDOWS\system32\drmpbdu.dat trouvé !
Copie C:\WINDOWS\system32\drmpbdu.dat réalise avec succes !
C:\WINDOWS\system32\drmpbdu.dat supprimé !

C:\WINDOWS\system32\drmpbdu_nav.dat trouvé !
Copie C:\WINDOWS\system32\drmpbdu_nav.dat réalise avec succes !
C:\WINDOWS\system32\drmpbdu_nav.dat supprimé !

C:\WINDOWS\system32\drmpbdu_navps.dat trouvé !
Copie C:\WINDOWS\system32\drmpbdu_navps.dat réalise avec succes !
C:\WINDOWS\system32\drmpbdu_navps.dat supprimé !

C:\WINDOWS\prefetch\drmpbdu*.pf trouvé !
Copie C:\WINDOWS\prefetch\drmpbdu*.pf réalise avec succes !
C:\WINDOWS\prefetch\drmpbdu*.pf supprimé !

*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\MessengerSkinner ...suppression...
C:\Program Files\MessengerSkinner supprimé !


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Sanchez\Application Data ***

...\Application Data\MessengerSkinner ...suppression...
...\Application Data\MessengerSkinner supprimé !



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Sanchez\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
C:\WINDOWS\System32\ouwyfrp.exe trouvé !
Copie C:\WINDOWS\system32\ouwyfrp.exe réalise avec succes !
C:\WINDOWS\system32\ouwyfrp.exe supprimé !

********
C:\WINDOWS\System32\fcwmyp.exe trouvé !
Copie C:\WINDOWS\system32\fcwmyp.exe réalise avec succes !
C:\WINDOWS\system32\fcwmyp.exe supprimé !

C:\WINDOWS\System32\oeyhksnmq.exe trouvé !
Copie C:\WINDOWS\system32\oeyhksnmq.exe réalise avec succes !
C:\WINDOWS\system32\oeyhksnmq.exe supprimé !

C:\WINDOWS\System32\qpdhsfzaki.exe trouvé !
Copie C:\WINDOWS\system32\qpdhsfzaki.exe réalise avec succes !
C:\WINDOWS\system32\qpdhsfzaki.exe supprimé !


3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 17/06/2007 à 8:59:22,83 ***
0
riviere
 
Hi again. After the Navilog1 cleanup Mozilla Firefox worked correctly, then afterwards nothing, it no longer works. I suppose there must still be some junk left. Thanks for your reply and your help.
0
riviere > Anonymous user
 
Hi boulepat, sorry to bother you but it still doesn't work, I still get a blank page with Mozilla.
Thanks for your help.
0
Anonymous user
 
What is this blank page?! Have you checked your home page setting?

How do things go with Internet Explorer?

See you later
0
riviere
 
Actually it's still Mozilla Firefox: when I open it I get a blank page and the page info says about blank. As for Explorer, it seems fine for now, I no longer get ad pages. Thanks for your help.
0
Anonymous user
 
OK, do these two things:

Download
http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

Click Start disinfection
Click "Log"
The report opens; copy and paste its contents here please.

AND

Download
https://www.malwarebytes.com/

Click begin scan

As soon as they have finished, restart your PC, open Firefox and tell me what happens ;-)

0
riviere
 
OK thanks, here is the report from the first link requested.

(6/21/07 00:07:38) SPSeHjFix started v1.1.2
(6/21/07 00:07:38) OS: WinXP (5.1.2600)
(6/21/07 00:07:38) Language: français
(6/21/07 00:07:38) Win-Path: C:\WINDOWS
(6/21/07 00:07:38) System-Path: C:\WINDOWS\System32
(6/21/07 00:07:38) Temp-Path: C:\DOCUME~1\Sanchez\LOCALS~1\Temp\
(6/21/07 00:07:42) Disinfection started
(6/21/07 00:07:42) Bad-Dll(IEP): (not found)
(6/21/07 00:07:42) Bad-Dll(IEP) in BHO: (not found)
(6/21/07 00:07:42) UBF: 4 - UBB: 0 - UBR: 11
(6/21/07 00:07:42) UBF: 4 - UBB: 0 - UBR: 11
(6/21/07 00:07:42) Bad IE-pages: (none)
(6/21/07 00:07:42) Stealth-String not found
(6/21/07 00:07:42) Not infected->END
0
riviere
 
About Buster shows "scan was completed successfully at 00:24:12",
then runtime error '339': the component 'comctl32.ocx' or one of its dependencies is not correctly registered: a file is missing or invalid. So I have no scan report, and Mozilla still doesn't work. Thanks for your help.
0
Anonymous user
 
Download http://www.malwarebytes.org/libraries/COMCTL32.OCX

Put this file in the /System32/ folder.
Once you have put it in that folder:

Then click Start, Run and type:
regsvr32 %windir%\system32\COMCTL32.OCX

Then run the program again.

In my opinion it won't achieve anything. Have you tried completely reinstalling Firefox?
0
riviere
 
I have tried everything and nothing helps, it just won't work.
0