Here is the DiagHelp result:
DiagHelp version v1.4 - http://www.malekal.com
excute le 15/05/2008 à 18:26:43,93
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->15/05/2008 18:26:43
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->15/05/2008 18:26:37
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->15/05/2008 18:25:48
C:\WINDOWS\prefetch\DAP.EXE-35E17E3D.pf -->15/05/2008 18:24:06
C:\WINDOWS\prefetch\WINWORD.EXE-37F6AE09.pf -->15/05/2008 18:22:24
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->15/05/2008 18:21:19
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->15/05/2008 18:18:37
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->15/05/2008 18:18:08
C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf -->15/05/2008 18:14:06
C:\WINDOWS\prefetch\ .EXE-243DF4AE.pf -->15/05/2008 18:14:00
C:\WINDOWS\System32\drivers\dtscsi.sys -->22/03/2008 10:54:03
C:\WINDOWS\System32\drivers\sptd6621.sys -->22/03/2008 10:52:12
C:\WINDOWS\System32\drivers\sptd.sys -->22/03/2008 10:52:12
C:\WINDOWS\System32\drivers\epfwtdir.sys -->13/03/2008 16:52:18
C:\WINDOWS\System32\drivers\easdrv.sys -->13/03/2008 16:44:36
C:\WINDOWS\System32\drivers\eamon.sys -->13/03/2008 16:43:42
C:\WINDOWS\System32\drivers\aswmon.sys -->06/09/2007 10:05:25
C:\WINDOWS\System32\nvapps.xml -->15/05/2008 17:41:51
C:\WINDOWS\System32\CONFIG.NT -->14/05/2008 22:19:55
C:\WINDOWS\System32\wpa.dbl -->11/05/2008 18:28:28
C:\WINDOWS\System32\BASSMOD.dll -->06/05/2008 12:26:26
C:\WINDOWS\System32\mshta.rar -->30/04/2008 21:12:00
C:\WINDOWS\System32\mshta.zip -->30/04/2008 21:11:40
C:\WINDOWS\System32\lncom_.JPG -->23/04/2008 18:37:33
C:\WINDOWS\System32\matrix2.scr -->13/04/2008 18:34:59
C:\WINDOWS\System32\SHELLLNK.TLB -->12/04/2008 21:21:34
C:\WINDOWS\System32\setupmspi.log -->11/04/2008 14:06:28
C:\WINDOWS\System32\msxml.p2i -->11/04/2008 14:06:28
C:\WINDOWS\System32\_tmp9877 -->07/04/2008 20:06:08
C:\WINDOWS\System32\lncom_.mp3 -->22/03/2008 12:02:29
C:\WINDOWS\System32\FNTCACHE.DAT -->20/03/2008 23:38:23
C:\WINDOWS\System32\nscompat.tlb -->20/03/2008 23:34:32
C:\WINDOWS\System32\amcompat.tlb -->20/03/2008 23:34:32
C:\WINDOWS\System32\wbocx.ocx -->20/03/2008 23:22:36
C:\WINDOWS\System32\wbhelp2.dll -->20/03/2008 23:22:36
C:\WINDOWS\System32\AniGIF.ocx -->20/03/2008 23:22:36
C:\WINDOWS\System32\PerfStringBackup.INI -->20/03/2008 22:11:14
C:\WINDOWS\System32\perfh00C.dat -->20/03/2008 22:11:14
C:\WINDOWS\System32\perfh009.dat -->20/03/2008 22:11:14
C:\WINDOWS\System32\perfc00C.dat -->20/03/2008 22:11:14
C:\WINDOWS\System32\perfc009.dat -->20/03/2008 22:11:14
C:\WINDOWS\System32\spdwnwxp.log -->20/03/2008 22:03:37
C:\WINDOWS\QTFont.qfn -->15/05/2008 18:01:53
C:\WINDOWS\0.log -->15/05/2008 17:00:52
C:\WINDOWS\wiaservc.log -->15/05/2008 16:59:59
C:\WINDOWS\wiadebug.log -->15/05/2008 16:59:56
C:\WINDOWS\bootstat.dat -->15/05/2008 16:59:52
C:\WINDOWS\SchedLgU.Txt -->15/05/2008 13:42:20
C:\WINDOWS\win.ini -->15/05/2008 13:41:54
C:\WINDOWS\system.ini -->15/05/2008 13:41:54
C:\WINDOWS\wmsetup.log -->14/05/2008 16:14:42
C:\WINDOWS\QTFont.for -->11/05/2008 23:10:56
C:\WINDOWS\PhotoBrush.INI -->06/05/2008 13:25:49
C:\WINDOWS\Thumbs.db -->24/04/2008 02:11:33
C:\WINDOWS\SpeedWiz.ini -->16/04/2008 01:40:22
C:\WINDOWS\ssaver.ini -->13/04/2008 18:36:05
C:\WINDOWS\matrix2.INI -->13/04/2008 18:35:00
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 768
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xf9000 6.00.2800.1106 C:\WINDOWS\Explorer.EXE
0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll
0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll
0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f10000 0xfc000 6.00.2800.1106 C:\WINDOWS\System32\BROWSEUI.dll
0x76960000 0x14a000 6.00.2800.1106 C:\WINDOWS\System32\SHDOCVW.dll
0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\UxTheme.dll
0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x5b950000 0x72000 6.00.2800.1106 C:\WINDOWS\System32\themeui.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x074a0000 0x13000 10.00.0000.3802 C:\PROGRA~1\WINDOW~2\wmpband.dll
0x00fa0000 0x15000 3.00.9435.0000 C:\WINDOWS\System32\ATL.DLL
0x76080000 0x7a000 6.00.2800.1106 C:\WINDOWS\system32\urlmon.dll
0x01210000 0x201000 2.00.2600.1106 C:\WINDOWS\System32\msi.dll
0x74aa0000 0x43000 6.00.2800.1106 C:\WINDOWS\System32\webcheck.dll
0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll
0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll
0x10000000 0x76d000 6.14.0010.9382 C:\WINDOWS\System32\nvcpl.dll
0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\System32\OLEACC.dll
0x76010000 0x61000 6.00.8972.0000 C:\WINDOWS\System32\MSVCP60.dll
0x01ae0000 0x44000 6.14.0010.9382 C:\WINDOWS\System32\NVRSFR.DLL
0x019a0000 0x36000 6.14.0010.9382 C:\WINDOWS\System32\nvapi.dll
0x01b40000 0x73000 6.14.0010.11076 C:\WINDOWS\System32\nvshell.dll
0x76190000 0x99000 6.00.2800.1106 C:\WINDOWS\system32\WININET.dll
0x5ce30000 0x69000 6.00.2800.1106 C:\WINDOWS\System32\shimgvw.dll
0x78190000 0x1a1000 5.01.3101.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll
0x52330000 0xd000 8.05.0005.0004 C:\Program Files\DAP\DAPIEMonitor.dll
0x6c370000 0xf2000 6.00.8665.0000 C:\Program Files\DAP\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\System32\MFC42LOC.DLL
0x723a0000 0x13000 6.00.2800.1106 C:\WINDOWS\System32\browselc.dll
0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\MLANG.dll
0x01920000 0x29000 C:\Program Files\WinRAR\rarext.dll
0x30b60000 0xe000 8.05.0000.0001 C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x732d0000 0x52000 6.00.2800.1106 C:\WINDOWS\System32\zipfldr.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x70ee0000 0x7000 1.01.0000.3917 C:\WINDOWS\System32\asfsipc.dll
0x60990000 0xd000 2.00.2600.0000 C:\WINDOWS\System32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.6626 C:\WINDOWS\System32\wshext.dll
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL
0x36d30000 0x1a000 11.00.6551.0000 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 584
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x84000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x53000 7.00.2600.1106 C:\WINDOWS\system32\msvcrt.dll
0x76250000 0x8d000 5.131.2600.1106 C:\WINDOWS\system32\CRYPT32.dll
0x77390000 0x805000 6.00.2800.1106 C:\WINDOWS\system32\SHELL32.dll
0x77290000 0x64000 6.00.2800.1106 C:\WINDOWS\system32\SHLWAPI.dll
0x77300000 0x8b000 5.82.2800.1106 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.9030.0000 C:\WINDOWS\System32\ODBC32.dll
0x76340000 0x46000 6.00.2800.1106 C:\WINDOWS\system32\comdlg32.dll
0x78090000 0xe4000 6.00.2800.1106 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
0x76b70000 0x20000 6.00.2800.1106 C:\WINDOWS\System32\SHSVCS.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x5b090000 0x34000 6.00.2800.1106 C:\WINDOWS\System32\uxtheme.dll
0x73d50000 0x3000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x770e0000 0x8b000 3.50.5016.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6C2B-8EDE
Répertoire de C:\WINDOWS\system32
28/08/2001 12:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 30 239 383 552 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6C2B-8EDE
Répertoire de C:\WINDOWS\Downloaded Program Files
22/03/2008 16:47 <REP> .
22/03/2008 16:47 <REP> ..
11/03/2008 16:13 65 desktop.ini
14/10/1997 17:52 697 DirectAnimation Java Classes.osd
11/04/2007 14:55 1 292 erma.inf
20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
20/01/2000 14:25 1 162 Microsoft XML Parser for Java.osd
20/11/2007 15:50 247 swflash.inf
6 fichier(s) 1 526 999 octets
Total des fichiers listés :
6 fichier(s) 1 526 999 octets
2 Rép(s) 30 239 383 552 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 18:27:05
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:3e256502
"s1"=dword:3bf04f5e
"s2"=dword:8f7c5551
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:07,e5,1c,58,6f,1f,33,f5,62,ad,06,90,b8,a3,f6,be,be,ba,d8,fd,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:07,e5,1c,58,6f,1f,33,f5,62,ad,06,90,b8,a3,f6,be,be,ba,d8,fd,a3,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
172 - ashDisp.exe
276 - btdna.exe
336 - dslmon.exe
344 - iexplore.exe
436 - DUC20.exe
560 - csrss.exe
584 - winlogon.exe
632 - services.exe
644 - lsass.exe
768 - explorer.exe
836 - svchost.exe
860 - svchost.exe
924 - svchost.exe
1040 - ashServ.exe
1356 - nvsvc32.exe
1404 - svchost.exe
1736 - FixCamera.exe
1948 - tsnp325.exe
1980 - vsnp325.exe
2268 - usnsvc.exe
2440 - msnmsgr.exe
2684 - cmd.exe
3860 - iexplore.exe
Total number of processes = 24
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D4000 - \WINDOWS\system32\ntoskrnl.exe
806BA000 - \WINDOWS\system32\hal.dll
F7D2F000 - \WINDOWS\system32\KDCOM.DLL
F7C3F000 - \WINDOWS\system32\BOOTVID.dll
F773B000 - sptd.sys
F7D31000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F7724000 - \WINDOWS\System32\Drivers\SPTD6621.SYS
F76F8000 - ACPI.sys
F782F000 - pci.sys
F783F000 - isapnp.sys
F7DF7000 - pciide.sys
F7AAF000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F784F000 - MountMgr.sys
F76D9000 - ftdisk.sys
F7D33000 - dmload.sys
F76B5000 - dmio.sys
F7AB7000 - PartMgr.sys
F785F000 - VolSnap.sys
F769F000 - atapi.sys
F786F000 - disk.sys
F787F000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F768B000 - KSecDD.sys
F7601000 - Ntfs.sys
F75D8000 - NDIS.sys
F75BE000 - Mup.sys
F7A1F000 - \SystemRoot\System32\DRIVERS\processr.sys
F6B43000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
F6B31000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7B07000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F6B0F000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7B0F000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F7B17000 - \SystemRoot\System32\DRIVERS\fdc.sys
F6AFC000 - \SystemRoot\System32\DRIVERS\parport.sys
F7A2F000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7B1F000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7B27000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7A3F000 - \SystemRoot\System32\DRIVERS\serial.sys
F7596000 - \SystemRoot\System32\DRIVERS\serenum.sys
F7A4F000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7A5F000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7A6F000 - \SystemRoot\System32\DRIVERS\redbook.sys
F6ADC000 - \SystemRoot\System32\DRIVERS\ks.sys
F6AA6000 - \SystemRoot\system32\drivers\smwdm.sys
F6A85000 - \SystemRoot\system32\drivers\portcls.sys
F7A7F000 - \SystemRoot\system32\drivers\drmk.sys
F6A65000 - \SystemRoot\system32\drivers\aeaudio.sys
F6A05000 - \SystemRoot\system32\drivers\senfilt.sys
F7F33000 - \SystemRoot\System32\DRIVERS\audstub.sys
F7A8F000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F758E000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F69DE000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F7A9F000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F78EF000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7586000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F69A5000 - \SystemRoot\System32\DRIVERS\psched.sys
F78FF000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7B37000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7B3F000 - \SystemRoot\System32\DRIVERS\raspti.sys
F6978000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F792F000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7E52000 - \SystemRoot\System32\DRIVERS\swenum.sys
F6956000 - \SystemRoot\System32\DRIVERS\update.sys
F6FA0000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F6F90000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7D67000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F7B5F000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7D75000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7E9F000 - \SystemRoot\System32\Drivers\Null.SYS
F7D77000 - \SystemRoot\System32\Drivers\Beep.SYS
F7B6F000 - \SystemRoot\System32\drivers\vga.sys
F7D79000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7D7B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7B77000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7B7F000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7D2B000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F6F70000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F57BC000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F6F60000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F6F50000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F576D000 - \SystemRoot\System32\DRIVERS\netbt.sys
F6F40000 - \SystemRoot\System32\DRIVERS\epfwtdir.sys
F6F30000 - \SystemRoot\System32\Drivers\Fips.SYS
F6F20000 - \SystemRoot\System32\DRIVERS\easdrv.sys
F7B8F000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F6F10000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F4D05000 - \SystemRoot\System32\DRIVERS\snp325.sys
F797F000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
F4CEA000 - \SystemRoot\System32\DRIVERS\e4usbaw.sys
F4CD4000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7D95000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F6936000 - \SystemRoot\System32\watchdog.sys
F6932000 - \SystemRoot\System32\drivers\Dxapi.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F7F24000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9BB000 - \SystemRoot\System32\nv4_disp.dll
BAD9F000 - \SystemRoot\System32\drivers\afd.sys
BAE38000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
BAC99000 - \SystemRoot\System32\Drivers\aswMon2.SYS
BA666000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7DD1000 - \SystemRoot\System32\Drivers\ParVdm.SYS
BA5F1000 - \SystemRoot\System32\DRIVERS\eamon.sys
BA5C9000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F7C2F000 - \SystemRoot\System32\Drivers\TDTCP.SYS
BA46C000 - \SystemRoot\System32\Drivers\RDPWD.SYS
BA721000 - \SystemRoot\system32\drivers\sysaudio.sys
BA358000 - \SystemRoot\system32\drivers\wdmaud.sys
B8775000 - \SystemRoot\system32\drivers\kmixer.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F7EA0000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 110
Liste des programmes installes
325 USB PC Camera
4.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Apple Software Update
avast! Antivirus
CCleaner (remove only)
Corona Visualization Plug-in for WMP
Counter-Strike 1.6
Download Accelerator Plus (DAP)
ESET NOD32 Antivirus
Exlib
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
Jasc Animation Shop 3
K-Lite Codec Pack 3.4.5 Full
Kit de Connexion MENARA
Lecteur Windows Media 10
Messenger Plus! Live & Sponsor (CiD)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.14)
No-IP.com DUC (remove only)
NVIDIA Drivers
OneStep Search 1.0 build 166
PacSteamT
PhotoDream 1.2
PhotoFiltre Studio
PhotoSEAM 1.0
QuickTime
SoundMAX
Ulead Photo Express 6
WebFldrs XP
WinASO Registry Optimizer 3.1
Windows Genuine Advantage Notifications (KB905474)
Windows Live Messenger
Windows Media Format Runtime
WinPcap 3.1 beta3
WinRAR archiver
Wondershare Photo Collage Studio (2.4.0) Trial Version
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6C2B-8EDE
Répertoire de C:\Program Files
14/05/2008 22:27 <REP> .
14/05/2008 22:27 <REP> ..
13/04/2008 18:26 <REP> AdVantage
14/05/2008 21:02 <REP> Ahead
08/05/2008 13:06 <REP> Alwil Software
11/03/2008 17:59 <REP> Analog Devices
24/04/2008 20:05 <REP> Apple Software Update
01/05/2008 10:13 <REP> atom new eggs
02/05/2008 01:36 <REP> BitTorrent
11/03/2008 18:56 <REP> CCleaner
12/05/2008 16:17 <REP> Circle Developement
11/03/2008 16:11 <REP> ComPlus Applications
12/05/2008 15:57 <REP> Counter-Strike 1.6
13/03/2008 02:07 <REP> Custom-Strike
20/03/2008 23:48 <REP> DAP
02/05/2008 01:35 <REP> DNA
14/05/2008 21:02 <REP> Fichiers communs
21/03/2008 16:58 <REP> Google
22/03/2008 10:16 <REP> Groove Games
20/03/2008 23:50 <REP> IMMonitor
20/03/2008 22:01 <REP> Internet Explorer
14/05/2008 21:35 <REP> Jasc Software Inc
11/03/2008 18:13 <REP> K-Lite Codec Pack
11/03/2008 16:27 <REP> Menara
20/03/2008 22:06 <REP> Messenger
01/04/2008 18:57 <REP> Messenger Plus! Live
11/03/2008 16:14 <REP> microsoft frontpage
11/03/2008 18:37 <REP> Microsoft Office
11/03/2008 18:37 <REP> Microsoft.NET
20/03/2008 22:01 <REP> Movie Maker
15/05/2008 18:18 <REP> Mozilla Firefox
11/03/2008 16:11 <REP> MSN
11/03/2008 16:11 <REP> MSN Gaming Zone
01/04/2008 18:57 <REP> MSN Messenger
14/05/2008 21:02 <REP> Nero
20/03/2008 22:01 <REP> NetMeeting
08/05/2008 01:02 <REP> No-IP
11/03/2008 22:50 <REP> NVD
20/03/2008 22:01 <REP> Outlook Express
21/04/2008 00:33 <REP> Photo-Brush
11/03/2008 22:45 <REP> PhotoDreamr
11/03/2008 19:45 <REP> PhotoFiltre Studio
14/05/2008 22:46 <REP> PhotoSEAM
24/04/2008 20:05 <REP> QuickTime
11/03/2008 16:11 <REP> Services en ligne
11/03/2008 23:01 <REP> TechSmith
12/05/2008 21:25 <REP> Trend Micro
13/04/2008 18:25 <REP> UberIcon
11/03/2008 19:16 <REP> Ulead Systems
01/05/2008 15:10 <REP> UnFREEz
03/05/2008 19:14 <REP> Valve
11/03/2008 22:34 <REP> WinASO
11/03/2008 17:50 <REP> Windows Live
20/03/2008 19:30 <REP> Windows Media Connect 2
20/03/2008 23:41 <REP> Windows Media Player
20/03/2008 22:01 <REP> Windows NT
20/03/2008 23:50 <REP> WinPcap
20/03/2008 19:36 <REP> WinRAR
11/03/2008 16:14 <REP> xerox
25/03/2008 00:23 <REP> Xilisoft
11/03/2008 22:37 <REP> Yahoo!
0 fichier(s) 0 octets
61 Rép(s) 30 238 658 560 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6C2B-8EDE
Répertoire de C:\Program Files\fichiers communs
14/05/2008 21:02 <REP> .
14/05/2008 21:02 <REP> ..
11/03/2008 18:37 <REP> DESIGNER
22/03/2008 10:57 <REP> InstallShield
11/03/2008 18:37 <REP> Microsoft Shared
11/03/2008 16:12 <REP> MSSoap
11/03/2008 20:38 <REP> Nero
11/03/2008 16:03 <REP> ODBC
11/03/2008 16:12 <REP> Services
01/04/2008 17:10 <REP> snp325
11/03/2008 16:03 <REP> SpeechEngines
20/03/2008 22:01 <REP> System
07/05/2008 16:11 <REP> Thraex Software
11/03/2008 19:16 <REP> Ulead Systems
0 fichier(s) 0 octets
14 Rép(s) 30 238 658 560 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6C2B-8EDE
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
11/03/2008 18:37 <REP> .
11/03/2008 18:37 <REP> ..
11/03/2008 18:37 <REP> 1033
11/03/2008 18:37 <REP> 1036
11/07/2003 10:15 1 292 872 MSONSEXT.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
4 fichier(s) 1 623 290 octets
4 Rép(s) 30 238 658 560 octets libres
c:\Documents and Settings\Admin\Application Data\atom new eggs\DUPETOOLBEND.exe
c:\Documents and Settings\Admin\Application Data\atom new eggs\hsapzfce.exe
c:\Documents and Settings\Admin\Application Data\atom new eggs\JUNKGLUEPINGBIB.exe
c:\Documents and Settings\Admin\Application Data\Kingston\SecureTraveler.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\ARPPRODUCTICON.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\NewShortcut1_7C4196CACA414F349C087724E7705D52.exe
c:\Documents and Settings\Admin\Application Data\Thinstall\Ad-Aware 2007\4000009100003i\aawservice.exe
c:\Documents and Settings\Admin\Bureau\Ares Galaxy 3.0 - BR (Portable).exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Admin\Local Settings\Temp\aiw13172125.EXE
c:\Documents and Settings\Admin\Local Settings\Temp\aiw9863109.EXE
c:\Documents and Settings\Admin\Local Settings\Temp\aiw9886687.EXE
c:\Documents and Settings\Admin\Local Settings\Temp\upx.exe
c:\Documents and Settings\Admin\Local Settings\Temp\Rar$EX05.985\KAV.v.7.0.0.120.Portable\Kaspersky 7.0\wmias.exe
c:\Documents and Settings\Admin\Local Settings\Temp\Rar$EX05.985\KAV.v.7.0.0.120.Portable\Kaspersky 7.0\wmiav.exe
c:\Documents and Settings\Admin\Local Settings\Temp\Rar$EX05.985\KAV.v.7.0.0.120.Portable\Kaspersky 7.0\KLIFX86\drvins32.exe
c:\Documents and Settings\Invité\Local Settings\Temp\upx.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_INTOUCHABLE.tar.gz a l'adresse
http://upload.malekal.com