I ran the scan.
I'm stuck at the step where the file has to be sent:
on upload, it tells me the file is invalid.
DiagHelp is stuck: I get the message "appuyer sur une touche pour continuer" (press any key to continue) but it doesn't work.
However, here is the result:
DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-02-24 à 16:13:28.73
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\Windows\prefetch\DLLHOST.EXE-71214090.pf -->2008-02-24 16:13:28
C:\Windows\prefetch\CHCP.COM-950EAF32.pf -->2008-02-24 16:13:27
C:\Windows\prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf -->2008-02-24 16:13:08
C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf -->2008-02-24 16:13:05
C:\Windows\prefetch\AOLTBSERVER.EXE-2F1E4D28.pf -->2008-02-24 16:12:51
C:\Windows\prefetch\IEXPLORE.EXE-1B894AFB.pf -->2008-02-24 16:12:46
C:\Windows\prefetch\PRESENTATIONFONTCACHE.EXE-42767AE9.pf -->2008-02-24 16:12:36
C:\Windows\prefetch\NTOSBOOT-B00DFAAD.pf -->2008-02-24 16:12:36
C:\Windows\prefetch\MOBSYNC.EXE-D8BC6ED2.pf -->2008-02-24 16:12:36
C:\Windows\prefetch\HPQTOASTER.EXE-3B718527.pf -->2008-02-24 16:12:36
C:\Windows\System32\drivers\SYMEVENT.SYS -->2008-02-22 18:55:30
C:\Windows\System32\drivers\SYMEVENT.INF -->2008-02-22 18:55:30
C:\Windows\System32\drivers\SYMEVENT.CAT -->2008-02-22 18:55:30
C:\Windows\System32\drivers\Pcouffin.sys -->2008-02-17 09:21:41
C:\Windows\System32\drivers\wmiacpi.sys -->2008-02-16 17:35:28
C:\Windows\System32\drivers\compbatt.sys -->2008-02-16 17:35:28
C:\Windows\System32\drivers\acpi.sys -->2008-02-16 17:35:28
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->2008-02-24 16:11:00
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->2008-02-24 16:11:00
C:\Windows\System32\PerfStringBackup.INI -->2008-02-23 12:56:26
C:\Windows\System32\perfh00C.dat -->2008-02-23 12:56:26
C:\Windows\System32\perfh009.dat -->2008-02-23 12:56:26
C:\Windows\System32\perfc00C.dat -->2008-02-23 12:56:26
C:\Windows\System32\perfc009.dat -->2008-02-23 12:56:26
C:\Windows\System32\jupdate-1.5.0_11-b03.log -->2008-02-17 10:24:07
C:\Windows\System32\FNTCACHE.DAT -->2008-02-16 18:09:38
C:\Windows\System32\PhotoScreensaver.scr -->2008-02-16 17:35:30
C:\Windows\System32\wtsapi32.dll -->2008-02-16 17:35:28
C:\Windows\System32\win32k.sys -->2008-02-16 17:35:28
C:\Windows\System32\timedate.cpl -->2008-02-16 17:35:26
C:\Windows\System32\sysmain.dll -->2008-02-16 17:35:26
C:\Windows\System32\wlansvc.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlansec.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlanmsm.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlanhlp.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlanapi.dll -->2008-02-16 17:35:24
C:\Windows\System32\wlan.tmf -->2008-02-16 17:35:24
C:\Windows\System32\WebClnt.dll -->2008-02-16 17:35:00
C:\Windows\System32\wpd_ci.dll -->2008-02-16 17:33:21
C:\Windows\System32\umpnpmgr.dll -->2008-02-16 17:33:20
C:\Windows\System32\drvinst.exe -->2008-02-16 17:33:20
C:\Windows\System32\dpx.dll -->2008-02-16 17:33:20
C:\Windows\bootstat.dat -->2008-02-24 16:10:54
C:\Windows\WindowsUpdate.log -->2008-02-24 16:09:44
C:\Windows\system.ini -->2008-02-23 16:06:13
C:\Windows\PFRO.log -->2008-02-23 16:04:59
C:\Windows\setupact.log -->2008-02-23 12:53:25
C:\Windows\setuperr.log -->2008-02-23 12:53:24
C:\Windows\CDE DX7400DEFGIPS.ini -->2008-02-16 18:38:25
C:\Windows\explorer.exe -->2008-02-16 17:35:27
C:\Windows\CSUP.txt -->2007-11-21 07:11:17
C:\Windows\WindowsShell.Manifest -->2007-11-21 07:08:33
C:\Windows\UNNeroMediaHome.exe -->2007-06-27 19:05:02
C:\Windows\UNNeroVision.exe -->2007-06-26 14:12:02
C:\Windows\UNRecode.exe -->2007-04-23 16:42:50
C:\Windows\UNNeroBackItUp.exe -->2007-03-20 21:22:04
C:\Windows\UNNeroShowTime.exe -->2007-02-28 16:41:02
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1704
Command line: C:\Windows\Explorer.EXE
Base Size Version Path
0x009f0000 0x2cd000 6.00.6000.16549 C:\Windows\Explorer.EXE
0x76f60000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x75ae0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x75a20000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x76bf0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x76d50000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x769d0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x76b40000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x76820000 0x55000 6.00.6000.16386 C:\Windows\system32\SHLWAPI.dll
0x75bc0000 0xace000 6.00.6000.16513 C:\Windows\system32\SHELL32.dll
0x76880000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x76ed0000 0x8c000 6.00.6000.16609 C:\Windows\system32\OLEAUT32.dll
0x72f10000 0x107000 6.00.6000.16386 C:\Windows\system32\SHDOCVW.dll
0x748c0000 0x3f000 6.00.6000.16386 C:\Windows\system32\UxTheme.dll
0x74b70000 0x1a000 6.00.6000.16386 C:\Windows\system32\POWRPROF.dll
0x73020000 0xc000 6.00.6000.20640 C:\Windows\system32\dwmapi.dll
0x74070000 0x1aa000 5.02.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll
0x75160000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x73d70000 0xb7000 6.00.6000.16386 C:\Windows\system32\PROPSYS.dll
0x72c40000 0x145000 6.00.6000.16386 C:\Windows\system32\BROWSEUI.dll
0x77090000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.dll
0x75820000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x74890000 0x30000 6.00.6000.16386 C:\Windows\system32\DUser.dll
0x77080000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x77120000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x745c0000 0x194000 6.10.6000.16386 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
0x73620000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
0x72c20000 0x6000 6.00.6000.16386 C:\Windows\system32\IconCodecService.dll
0x756b0000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x76cc0000 0x84000 2001.12.6930.16386 C:\Windows\system32\CLBCatQ.DLL
0x74c40000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
0x72520000 0xb2000 6.00.6000.16549 C:\Windows\system32\timedate.cpl
0x73ed0000 0x14000 3.05.2284.0000 C:\Windows\system32\ATL.DLL
0x75520000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x75780000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x73f90000 0x38000 4.02.5406.0000 C:\Windows\system32\OLEACC.dll
0x72360000 0x53000 6.00.6000.16386 C:\Windows\system32\actxprxy.dll
0x756d0000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x723c0000 0x2b000 6.00.6000.16386 C:\Windows\system32\msutb.dll
0x10000000 0x1b000 1.00.0000.0010 C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
0x725e0000 0x9b000 8.00.50727.0762 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll
0x74d00000 0xd7000 6.00.6000.16386 C:\Windows\system32\WINBRAND.dll
0x73f30000 0x16000 6.00.6000.16386 C:\Windows\System32\shacct.dll
0x75300000 0x11000 6.00.6000.16386 C:\Windows\System32\SAMLIB.dll
0x75650000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
0x71f60000 0x3c000 6.00.6000.16404 C:\Windows\System32\msshsq.dll
0x71dc0000 0xc5000 6.00.6000.16386 C:\Windows\System32\NaturalLanguage6.dll
0x751a0000 0xf1000 6.00.6000.16425 C:\Windows\System32\CRYPT32.dll
0x752e0000 0x12000 6.00.6000.16386 C:\Windows\System32\MSASN1.dll
0x743d0000 0x1e7000 6.00.6000.16513 C:\Windows\system32\authui.dll
0x74b60000 0x5000 6.00.6000.16386 C:\Windows\system32\MSIMG32.dll
0x72bc0000 0x9000 6.00.6000.16386 C:\Windows\system32\LINKINFO.dll
0x76da0000 0x127000 7.00.6000.16609 C:\Windows\system32\urlmon.dll
0x770d0000 0x45000 7.00.6000.16386 C:\Windows\system32\iertutil.dll
0x712d0000 0x5cd000 7.00.6000.16609 C:\Windows\system32\ieframe.dll
0x73fd0000 0x33000 6.00.6000.16386 C:\Windows\system32\WINMM.dll
0x73f00000 0x30000 6.00.6000.16386 C:\Windows\system32\wdmaud.drv
0x73f80000 0x4000 6.00.6000.16386 C:\Windows\system32\ksuser.dll
0x74a90000 0x7000 6.00.6000.16386 C:\Windows\system32\AVRT.dll
0x74860000 0x27000 6.00.6000.16386 C:\Windows\system32\MMDevAPI.DLL
0x74b90000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x75920000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x758f0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
0x770c0000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x76690000 0x189000 6.00.6000.16609 C:\Windows\system32\SETUPAPI.dll
0x71eb0000 0x4a000 6.00.6000.16386 C:\Windows\system32\ntshrui.dll
0x749c0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WINTRUST.dll
0x75970000 0x29000 6.00.6000.16470 C:\Windows\system32\imagehlp.dll
0x72280000 0xa000 6.00.6000.16386 C:\Windows\system32\cscapi.dll
0x72270000 0x9000 6.00.6000.16386 C:\Windows\system32\ExplorerFrame.dll
0x76a70000 0xcf000 7.00.6000.16609 C:\Windows\system32\WININET.dll
0x770b0000 0x3000 6.00.6000.16386 C:\Windows\system32\Normaliz.dll
0x73d10000 0x21000 6.00.6000.16386 C:\Windows\System32\audioses.dll
0x73720000 0x66000 6.00.6000.16386 C:\Windows\System32\audioeng.dll
0x74800000 0x9000 6.00.6000.16386 C:\Windows\system32\msacm32.drv
0x747e0000 0x15000 6.00.6000.16386 C:\Windows\system32\MSACM32.dll
0x74780000 0x7000 6.00.6000.16386 C:\Windows\system32\midimap.dll
0x73510000 0x7000 4.00.6000.16386 C:\Windows\system32\msiltcfg.dll
0x74f20000 0x8000 6.00.6000.16386 C:\Windows\system32\VERSION.dll
0x71fa0000 0x204000 4.00.6000.16386 C:\Windows\system32\msi.dll
0x718a0000 0x30000 6.00.6000.16386 C:\Windows\system32\MLANG.dll
0x710d0000 0x92000 6.00.6000.16386 C:\Windows\system32\stobject.dll
0x70cf0000 0xb6000 6.00.6000.16386 C:\Windows\system32\BatMeter.dll
0x74a80000 0x9000 6.00.6000.16553 C:\Windows\system32\WTSAPI32.dll
0x74bf0000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x73b40000 0x45000 2001.12.6930.16386 C:\Windows\system32\es.dll
0x71250000 0x30000 6.00.6000.16386 C:\Windows\System32\SndVolSSO.dll
0x71220000 0x21000 6.00.6000.16386 C:\Windows\ehome\ehSSO.dll
0x73d60000 0x9000 6.00.6000.16386 C:\Windows\system32\HID.DLL
0x6fb80000 0x30b000 6.00.6000.16386 C:\Windows\System32\netshell.dll
0x750f0000 0x19000 6.00.6000.16386 C:\Windows\System32\IPHLPAPI.DLL
0x750b0000 0x35000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc.DLL
0x75320000 0x2b000 6.00.6000.16386 C:\Windows\System32\DNSAPI.dll
0x750a0000 0x7000 6.00.6000.16386 C:\Windows\System32\WINNSI.DLL
0x75070000 0x20000 6.00.6000.16512 C:\Windows\System32\dhcpcsvc6.DLL
0x73ef0000 0xf000 6.00.6000.16386 C:\Windows\System32\nlaapi.dll
0x74aa0000 0x63000 6.00.6000.16501 C:\Windows\system32\FirewallAPI.dll
0x708d0000 0x1bf000 6.00.6000.16386 C:\Windows\system32\pnidui.dll
0x71290000 0x17000 6.00.6000.16386 C:\Windows\system32\QUtil.dll
0x75110000 0x3e000 6.00.6000.16386 C:\Windows\system32\wevtapi.dll
0x730c0000 0x6000 6.00.6000.16386 C:\Windows\system32\wlanutil.dll
0x708a0000 0x27000 6.00.6000.16386 C:\Windows\system32\FunDisc.dll
0x712c0000 0x9000 6.00.6000.16386 C:\Windows\system32\fdproxy.dll
0x70640000 0x126000 8.90.1101.0000 C:\Windows\System32\msxml3.dll
0x74830000 0x22000 1.01.1002.0000 C:\Windows\system32\xmllite.dll
0x6f660000 0x8000 6.00.6000.16386 C:\Windows\System32\npmproxy.dll
0x6dcd0000 0x28c000 6.00.6000.16386 C:\Windows\System32\NLSData000c.dll
0x6d0d0000 0x5f4000 6.00.6000.16386 C:\Windows\System32\NLSLexicons000c.dll
0x73f50000 0xe000 6.00.6000.20670 C:\Windows\system32\Wlanapi.dll
0x73550000 0x2d000 6.00.6000.16386 C:\Windows\system32\OneX.DLL
0x73540000 0xd000 6.00.6000.16386 C:\Windows\system32\eappprxy.dll
0x731e0000 0x28000 6.00.6000.16386 C:\Windows\system32\eappcfg.dll
0x74fd0000 0x44000 6.00.6000.16386 C:\Windows\system32\bcrypt.dll
0x70300000 0xd000 6.00.6000.16386 C:\Windows\System32\AltTab.dll
0x6ff70000 0x23000 6.00.6000.16386 C:\Windows\system32\wpdshserviceobj.dll
0x71f00000 0x5f000 6.00.6000.16386 C:\Windows\system32\WINHTTP.dll
0x6fea0000 0x40000 6.00.6000.16386 C:\Windows\System32\srchadmin.dll
0x6e230000 0x3c000 7.00.6000.16386 C:\Windows\system32\webcheck.dll
0x6d890000 0x21c000 6.00.6000.16386 C:\Windows\System32\SyncCenter.dll
0x6fee0000 0x39000 6.00.6000.16386 C:\Windows\system32\wscntfy.dll
0x70310000 0xb000 6.00.6000.16386 C:\Windows\system32\WSCAPI.dll
0x702d0000 0xb000 6.00.6000.16386 C:\Windows\system32\mssprxy.dll
0x6e130000 0xf9000 6.00.6000.16386 C:\Windows\system32\bthprops.cpl
0x6dc70000 0x51000 6.00.6000.16386 C:\Windows\system32\imapi2.dll
0x70fe0000 0x2c000 6.00.6000.16386 C:\Windows\System32\QAgent.dll
0x719f0000 0x8a000 6.00.6000.16386 C:\Windows\System32\fwpuclnt.dll
0x6e0b0000 0x2b000 6.00.6000.16386 C:\Windows\system32\PortableDeviceTypes.dll
0x6eff0000 0x46000 6.00.6000.16386 C:\Windows\system32\PortableDeviceApi.dll
0x75590000 0x5f000 6.00.6000.16386 C:\Windows\system32\SXS.DLL
0x752a0000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll
0x6cc00000 0x60000 6.00.6000.16386 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0x039f0000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x092d0000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x759a0000 0x74000 6.00.6000.16386 C:\Windows\system32\comdlg32.dll
0x72500000 0x7000 6.00.6000.16386 C:\Windows\system32\wsock32.dll
0x6ed20000 0xdd000 6.00.6000.16386 C:\Windows\system32\wer.dll
0x71980000 0x6000 6.00.6000.16386 C:\Windows\system32\SensApi.dll
0x71b40000 0x26000 6.00.6000.16386 C:\Windows\system32\faultrep.dll
0x6ce90000 0x18000 6.00.6000.16386 C:\Windows\system32\olepro32.dll
0x735d0000 0xa000 7.00.6000.16609 C:\Windows\system32\jsproxy.dll
0x72680000 0x87000 8.00.50727.0762 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCP80.dll
0x6b160000 0x98000 107.00.0000.0102 c:\Program Files\Common Files\Symantec Shared\ccL70U.dll
0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Java\jre1.6.0_02\bin\MSVCR71.dll
0x70ed0000 0x12000 6.00.6000.16386 C:\Windows\system32\thumbcache.dll
0x6ace0000 0x223000 6.00.6000.16386 C:\Windows\system32\NetworkExplorer.dll
0x749a0000 0x14000 6.00.6000.16386 C:\Windows\system32\Cabinet.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 752
Command line: winlogon.exe
Base Size Version Path
0x003b0000 0x4e000 6.00.6000.16386 C:\Windows\system32\winlogon.exe
0x76f60000 0x11e000 6.00.6000.16386 C:\Windows\system32\ntdll.dll
0x75ae0000 0xd8000 6.00.6000.16386 C:\Windows\system32\kernel32.dll
0x75a20000 0xbf000 6.00.6000.16386 C:\Windows\system32\ADVAPI32.dll
0x76bf0000 0xc3000 6.00.6000.16525 C:\Windows\system32\RPCRT4.dll
0x769d0000 0x9e000 6.00.6000.16438 C:\Windows\system32\USER32.dll
0x76d50000 0x4b000 6.00.6000.16386 C:\Windows\system32\GDI32.dll
0x76b40000 0xaa000 7.00.6000.16386 C:\Windows\system32\msvcrt.dll
0x756b0000 0x14000 6.00.6000.16386 C:\Windows\system32\Secur32.dll
0x74bf0000 0x24000 6.00.6000.16386 C:\Windows\system32\WINSTA.dll
0x75780000 0x7000 6.00.6000.16386 C:\Windows\system32\PSAPI.DLL
0x756d0000 0x1e000 6.00.6000.16386 C:\Windows\system32\USERENV.dll
0x77090000 0x1e000 6.00.6000.16386 C:\Windows\system32\IMM32.DLL
0x75820000 0xc7000 6.00.6000.16386 C:\Windows\system32\MSCTF.dll
0x77080000 0x9000 6.00.6000.16386 C:\Windows\system32\LPK.DLL
0x77120000 0x7d000 1.626.6000.16386 C:\Windows\system32\USP10.dll
0x75650000 0x2c000 6.00.6000.16386 C:\Windows\system32\apphelp.dll
0x74b90000 0x21000 6.00.6000.16386 C:\Windows\system32\NTMARTA.DLL
0x75920000 0x49000 6.00.6000.16386 C:\Windows\system32\WLDAP32.dll
0x758f0000 0x2d000 6.00.6000.16386 C:\Windows\system32\WS2_32.dll
0x770c0000 0x6000 6.00.6000.16386 C:\Windows\system32\NSI.dll
0x75300000 0x11000 6.00.6000.16386 C:\Windows\system32\SAMLIB.dll
0x76880000 0x144000 6.00.6000.16386 C:\Windows\system32\ole32.dll
0x736e0000 0x3e000 6.00.6000.16386 C:\Windows\system32\SHSVCS.dll
0x748c0000 0x3f000 6.00.6000.16386 C:\Windows\system32\uxtheme.dll
0x74c40000 0x38000 6.00.6000.16386 C:\Windows\system32\rsaenh.dll
0x73620000 0xb2000 6.00.6000.16493 C:\Windows\system32\WindowsCodecs.dll
0x75520000 0x6a000 6.00.6000.16386 C:\Windows\system32\NETAPI32.dll
0x75160000 0x39000 6.00.6000.16509 C:\Windows\system32\slc.dll
0x752a0000 0x14000 6.00.6000.16386 C:\Windows\system32\MPR.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF
Répertoire de C:\Windows\system32
2006-11-02 10:45 7,680 csrss.exe
1 fichier(s) 7,680 octets
0 Rép(s) 81,888,661,504 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF
Répertoire de C:\Windows\Downloaded Program Files
2008-02-16 18:52 <REP> .
2008-02-16 18:52 <REP> ..
2007-01-24 02:41 841,304 ampAx3.0.84.2.dll
2006-09-18 22:26 65 desktop.ini
2002-07-25 17:13 24,576 dwusplay.dll
2002-07-25 17:13 196,608 dwusplay.exe
2007-11-21 07:10 2,681 install.log
2002-07-25 17:05 172,032 isusweb.dll
2007-11-21 07:10 38,428 unagiuninst.exe
7 fichier(s) 1,275,694 octets
Total des fichiers listés :
7 fichier(s) 1,275,694 octets
2 Rép(s) 81,888,661,504 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
[System\UIPI]
[System\UIPI\Clipboard]
[System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 16:13:47
Windows 6.0.6000 NTFS
scanning hidden services & system hive ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Sorry, this version supports only Win2K/XP
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Sorry, this version supports only Win2K/XP
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF
Répertoire de C:\Program Files
2008-02-24 15:21 <REP> .
2008-02-24 15:21 <REP> ..
2008-02-16 18:47 <REP> ABBYY FineReader 6.0 Sprint
2007-11-21 07:48 <REP> Activation Assistant for the 2007 Microsoft Office suites
2008-02-22 19:18 <REP> Adobe
2007-11-21 07:11 <REP> AIM6
2008-02-16 16:51 <REP> AOL
2008-01-14 23:54 <REP> Apoint2K
2008-01-14 23:52 <REP> Atheros
2008-02-23 10:34 <REP> Azureus
2008-02-18 18:24 <REP> CCleaner
2008-02-23 10:34 <REP> Common Files
2008-01-14 23:59 <REP> CONEXANT
2008-01-15 00:11 <REP> CyberLink
2008-02-16 22:46 <REP> DVD Shrink
2008-02-16 16:49 <REP> Electronic Arts
2008-02-16 19:32 <REP> eMule
2008-02-16 18:49 <REP> epson
2008-01-15 00:07 <REP> Hewlett-Packard
2008-01-15 00:05 <REP> Hp
2008-01-15 00:14 <REP> HP Games
2008-01-15 00:07 <REP> HPQ
2008-01-14 23:57 <REP> Intel
2008-02-16 18:07 <REP> Internet Explorer
2008-02-17 10:24 <REP> Java
2008-02-16 22:16 <REP> K-Lite Codec Pack
2006-11-02 13:37 <REP> Microsoft Games
2007-11-21 07:46 <REP> Microsoft Office
2007-11-21 07:47 <REP> Microsoft Works
2007-11-21 07:46 <REP> Microsoft.NET
2007-11-21 14:44 <REP> Movie Maker
2006-11-02 13:37 <REP> MSBuild
2006-11-02 13:37 <REP> MSN
2008-02-16 17:25 <REP> MSXML 4.0
2007-11-21 07:34 <REP> muvee Technologies
2008-02-17 21:25 <REP> Nero
2008-01-14 23:56 <REP> NetWaiting
2008-02-22 19:06 <REP> Norton Internet Security
2008-02-17 09:16 <REP> Online Services
2008-01-14 23:54 <REP> Realtek
2006-11-02 13:37 <REP> Reference Assemblies
2008-02-24 15:21 <REP> Spybot - Search & Destroy
2008-02-22 18:55 <REP> Symantec
2008-02-23 11:18 <REP> Trend Micro
2008-02-16 22:26 <REP> VideoLAN
2007-11-21 07:11 <REP> Viewpoint
2008-02-17 09:20 <REP> VSO
2007-11-21 07:04 <REP> Windows Calendar
2007-11-21 14:44 <REP> Windows Collaboration
2007-11-21 07:04 <REP> Windows Defender
2007-11-21 14:44 <REP> Windows Journal
2008-02-16 18:07 <REP> Windows Mail
2008-02-16 18:07 <REP> Windows Media Player
2008-02-16 16:37 <REP> Windows NT
2007-11-21 14:44 <REP> Windows Photo Gallery
2008-02-16 18:07 <REP> Windows Sidebar
2008-02-16 21:06 <REP> WinRAR
2008-02-18 18:24 <REP> Yahoo!
0 fichier(s) 0 octets
58 Rép(s) 81,882,931,200 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF
Répertoire de C:\Program Files\fichiers communs
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
2007-11-21 07:46 <REP> .
2007-11-21 07:46 <REP> ..
2007-11-21 07:44 <REP> 1036
2006-10-26 20:12 40,256 MSOSV.DLL
1 fichier(s) 40,256 octets
3 Rép(s) 81,882,931,200 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 0CA1-69CF
Répertoire de C:\Program Files\common files
2008-02-23 10:34 <REP> .
2008-02-23 10:34 <REP> ..
2008-02-22 19:18 <REP> Adobe
2008-02-17 21:27 <REP> Ahead
2007-11-21 07:10 <REP> AOL
2007-11-21 07:46 <REP> DESIGNER
2008-02-16 18:52 <REP> InstallShield
2007-11-21 08:13 <REP> Java
2007-11-21 07:47 <REP> microsoft shared
2007-11-21 07:34 <REP> muvee Technologies
2006-11-02 12:18 <REP> Services
2006-11-02 12:18 <REP> SpeechEngines
2008-02-22 19:06 <REP> Symantec Shared
2007-11-21 07:04 <REP> System
0 fichier(s) 0 octets
14 Rép(s) 81,882,931,200 octets libres
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PC-de-david.tar.gz a l'adresse http://upload.malekal.com