Sorry, here it is:
DiagHelp version v1.4 - http://www.malekal.com
excute le 18/01/2008 à 21:25:15,53
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->18/01/2008 21:25:14
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->18/01/2008 21:25:03
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->18/01/2008 21:24:34
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->18/01/2008 21:15:04
C:\WINDOWS\prefetch\FLASHGOT.EXE-2438BC43.pf -->18/01/2008 21:15:02
C:\WINDOWS\prefetch\HHUFAKTT.EXE-2DF89859.pf -->18/01/2008 21:14:22
C:\WINDOWS\prefetch\AVGARKT.EXE-2AC612CA.pf -->18/01/2008 21:14:22
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->18/01/2008 21:14:08
C:\WINDOWS\prefetch\MSNMSGR.EXE-366A1A81.pf -->18/01/2008 21:14:08
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA5.pf -->18/01/2008 19:56:47
C:\WINDOWS\System32\drivers\fidbox.dat -->18/01/2008 21:22:18
C:\WINDOWS\System32\drivers\fidbox2.dat -->18/01/2008 21:13:12
C:\WINDOWS\System32\drivers\fidbox2.idx -->18/01/2008 20:12:06
C:\WINDOWS\System32\drivers\fidbox.idx -->18/01/2008 20:12:06
C:\WINDOWS\System32\drivers\klin.dat -->28/12/2007 15:06:18
C:\WINDOWS\System32\drivers\klif.sys -->28/12/2007 15:06:18
C:\WINDOWS\System32\drivers\klick.dat -->28/12/2007 15:06:18
C:\WINDOWS\System32\vsconfig.xml -->18/01/2008 21:13:18
C:\WINDOWS\System32\ikhcore.log -->18/01/2008 21:13:03
C:\WINDOWS\System32\zllictbl.dat -->18/01/2008 19:07:04
C:\WINDOWS\System32\wpa.dbl -->16/01/2008 22:58:58
C:\WINDOWS\System32\ntP2.trk -->12/01/2008 00:49:06
C:\WINDOWS\System32\lvcoinst.log -->04/01/2008 20:10:42
C:\WINDOWS\System32\BASSMOD.dll -->23/11/2007 04:11:53
C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 16:38:15
C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 16:38:15
C:\WINDOWS\System32\perfh009.dat -->28/10/2007 16:38:15
C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 16:38:15
C:\WINDOWS\System32\perfc009.dat -->28/10/2007 16:38:15
C:\WINDOWS\System32\CmdLineExt.dll -->27/10/2007 12:35:58
C:\WINDOWS\System32\FNTCACHE.DAT -->18/10/2007 21:23:52
C:\WINDOWS\System32\msvcp71.dll -->18/10/2007 18:08:17
C:\WINDOWS\System32\rmoc3260.dll -->18/10/2007 16:18:24
C:\WINDOWS\System32\pndx5032.dll -->18/10/2007 16:18:19
C:\WINDOWS\System32\pndx5016.dll -->18/10/2007 16:18:19
C:\WINDOWS\System32\pncrt.dll -->18/10/2007 16:18:19
C:\WINDOWS\System32\msvcr71.dll -->18/10/2007 16:18:19
C:\WINDOWS\System32\61xx.xml -->18/10/2007 13:43:07
C:\WINDOWS\System32\jupdate-1.5.0_12-b04.log -->17/10/2007 15:51:19
C:\WINDOWS\System32\LoopyMusic.wav -->17/10/2007 12:15:35
C:\WINDOWS\System32\BuzzingBee.wav -->17/10/2007 12:15:35
C:\WINDOWS\System32\nvapps.xml -->17/10/2007 12:15:27
C:\WINDOWS\WindowsUpdate.log -->18/01/2008 21:25:15
C:\WINDOWS\0.log -->18/01/2008 21:13:20
C:\WINDOWS\wiaservc.log -->18/01/2008 21:13:19
C:\WINDOWS\wiadebug.log -->18/01/2008 21:13:19
C:\WINDOWS\bootstat.dat -->18/01/2008 21:13:09
C:\WINDOWS\SchedLgU.Txt -->18/01/2008 20:12:03
C:\WINDOWS\system.ini -->18/01/2008 00:18:42
C:\WINDOWS\setupapi.log -->17/01/2008 22:07:27
C:\WINDOWS\winamp.ini -->17/01/2008 20:37:48
C:\WINDOWS\mozver.dat -->15/01/2008 20:50:29
C:\WINDOWS\win.ini -->15/01/2008 20:24:28
C:\WINDOWS\NeroDigital.ini -->25/11/2007 00:17:53
C:\WINDOWS\hpoins07.dat -->23/10/2007 21:04:54
C:\WINDOWS\ODBC.INI -->18/10/2007 13:54:06
C:\WINDOWS\Ascd_tmp.ini -->18/10/2007 13:18:55
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Unsigned
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1500
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Fri Aug 20 01:09:14 2004
*** Loaded image timestamp: Fri Aug 20 01:09:15 2004
*** Loaded C:\WINDOWS\system32\SHDOCVW.dll differs from file image:
*** File timestamp: Thu Mar 30 11:29:26 2006
*** Loaded image timestamp: Thu Mar 30 11:31:40 2006
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x5a000000 0x1a000 3.06.0000.2080 C:\Program Files\Spyware Doctor\tools\swpg.dat
0x10000000 0x25000 6.00.0002.0621 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x02830000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL
0x41f00000 0x7000 1.00.0000.3845 C:\WINDOWS\system32\asfsipc.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL
0x36d30000 0x19000 11.00.5510.0000 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 800
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Fri Aug 20 01:09:14 2004
*** Loaded image timestamp: Fri Aug 20 01:09:15 2004
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x33000 6.00.0002.0621 C:\WINDOWS\system32\klogon.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x5a000000 0x1a000 3.06.0000.2080 C:\Program Files\Spyware Doctor\tools\swpg.dat
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E024-22FA
Répertoire de C:\WINDOWS\system
10/09/1999 12:06 4 672 wowpost.exe
1 fichier(s) 4 672 octets
0 Rép(s) 150 107 308 032 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E024-22FA
Répertoire de C:\WINDOWS\system32
19/08/2004 16:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 150 107 308 032 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E024-22FA
Répertoire de C:\WINDOWS\Downloaded Program Files
17/01/2008 22:07 <REP> .
17/01/2008 22:07 <REP> ..
16/10/2007 15:23 65 desktop.ini
20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
08/08/2006 11:45 576 kavwebscan.inf
20/11/2007 15:50 247 swflash.inf
4 fichier(s) 1 524 424 octets
Total des fichiers listés :
4 fichier(s) 1 524 424 octets
2 Rép(s) 150 107 303 936 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 21:25:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
IPC error: 2 Le fichier spécifié est introuvable.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:82,92,de,ac,ed,11,a8,f9,30,5c,af,4b,7e,c3,9a,e5,11,e6,ca,71,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ba,1a,7c,b3,a3,ed,e5,3a,4e,cd,8a,29,0a,d5,05,b2,fc,..
"khjeh"=hex:e7,c7,e3,ad,84,d8,31,d9,09,8f,b4,22,5f,c7,c7,ad,f8,fd,7c,d5,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4d,87,0b,6f,8f,e3,7d,bc,8b,81,58,25,2b,c7,71,a7,e8,d8,bd,83,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:2d,a9,38,70,74,29,fd,1d,2e,d2,14,6e,7c,e8,80,70,c5,1c,98,3d,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:98,69,2c,b9,b3,42,2d,4d,4e,4d,c6,19,5f,67,00,93,71,eb,8a,b5,39,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:82,92,de,ac,ed,11,a8,f9,30,5c,af,4b,7e,c3,9a,e5,11,e6,ca,71,7e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ba,1a,7c,b3,a3,ed,e5,3a,4e,cd,8a,29,0a,d5,05,b2,fc,..
"khjeh"=hex:e7,c7,e3,ad,84,d8,31,d9,09,8f,b4,22,5f,c7,c7,ad,f8,fd,7c,d5,6e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4d,87,0b,6f,8f,e3,7d,bc,8b,81,58,25,2b,c7,71,a7,e8,d8,bd,83,33,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:2d,a9,38,70,74,29,fd,1d,2e,d2,14,6e,7c,e8,80,70,c5,1c,98,3d,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:98,69,2c,b9,b3,42,2d,4d,4e,4d,c6,19,5f,67,00,93,71,eb,8a,b5,39,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
460 - cmd.exe
644 - csrss.exe
800 - winlogon.exe
844 - services.exe
856 - lsass.exe
1020 - svchost.exe
1188 - svchost.exe
1228 - svchost.exe
1320 - svchost.exe
1500 - explorer.exe
1644 - alg.exe
1856 - avp.exe
1896 - LVComSer.exe
1960 - avp.exe
1964 - nvsvc32.exe
2108 - svchost.exe
2228 - LVComSer.exe
3216 - firefox.exe
Total number of processes = 19
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6BD000 - sptd.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA6A5000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA676000 - ACPI.sys
BA665000 - pci.sys
BA8A8000 - isapnp.sys
BADAC000 - avgarkt.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA8B8000 - MountMgr.sys
BA646000 - ftdisk.sys
BADAE000 - dmload.sys
BA620000 - dmio.sys
BAB30000 - PartMgr.sys
BA8C8000 - VolSnap.sys
BA608000 - atapi.sys
BA5D5000 - mv61xx.sys
BA8D8000 - disk.sys
BA8E8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA5B6000 - fltMgr.sys
BA5A4000 - sr.sys
BA58D000 - KSecDD.sys
BA500000 - Ntfs.sys
BA4D3000 - NDIS.sys
BA4BF000 - srescan.sys
BA4A5000 - Mup.sys
BA489000 - kl1.sys
BAB38000 - \WINDOWS\system32\drivers\TDI.SYS
BA9B8000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B9D4C000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9D38000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
BABA8000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9D15000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BABB0000 - \SystemRoot\system32\DRIVERS\usbehci.sys
B9CF0000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
BA9C8000 - \SystemRoot\system32\DRIVERS\imapi.sys
BA9D8000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA9E8000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9CCD000 - \SystemRoot\system32\DRIVERS\ks.sys
BA9F8000 - \SystemRoot\system32\DRIVERS\atl01_xp.sys
BABB8000 - \SystemRoot\system32\DRIVERS\fdc.sys
BADBA000 - \SystemRoot\system32\DRIVERS\ASACPI.sys
B9CBC000 - \SystemRoot\system32\DRIVERS\serial.sys
BA451000 - \SystemRoot\system32\DRIVERS\serenum.sys
BAA08000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
BABC0000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
B9C55000 - \SystemRoot\System32\Drivers\atx2yt2n.SYS
BAFB0000 - \SystemRoot\system32\DRIVERS\audstub.sys
BAA68000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BA41D000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9C2C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BAA78000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BAA88000 - \SystemRoot\system32\DRIVERS\raspptp.sys
B9BF3000 - \SystemRoot\system32\DRIVERS\psched.sys
BAA98000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BAC20000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BAC28000 - \SystemRoot\system32\DRIVERS\raspti.sys
B9BC2000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
BAAA8000 - \SystemRoot\system32\DRIVERS\termdd.sys
BAC30000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BADD4000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9B8E000 - \SystemRoot\system32\DRIVERS\update.sys
BA405000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BAAB8000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAAC8000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADDE000 - \SystemRoot\system32\DRIVERS\USBD.SYS
B753B000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B7519000 - \SystemRoot\system32\drivers\portcls.sys
BAAE8000 - \SystemRoot\system32\drivers\drmk.sys
BAC40000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
BADE2000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAF69000 - \SystemRoot\System32\Drivers\Null.SYS
BADE4000 - \SystemRoot\System32\Drivers\Beep.SYS
BAF6A000 - \SystemRoot\System32\DRIVERS\AvgArCln.sys
BAC50000 - \SystemRoot\System32\drivers\vga.sys
BADE6000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BAC58000 - \SystemRoot\System32\Drivers\Msfs.SYS
BAC60000 - \SystemRoot\System32\Drivers\Npfs.SYS
B9C08000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B7456000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B73FE000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B73B5000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B738D000 - \SystemRoot\system32\DRIVERS\netbt.sys
B732E000 - \SystemRoot\System32\vsdatant.sys
B730C000 - \SystemRoot\System32\drivers\afd.sys
BAB08000 - \SystemRoot\system32\DRIVERS\netbios.sys
BAC68000 - \??\C:\WINDOWS\system32\SAVRKBootTasks.sys
BAC70000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
B9B76000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAB18000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
BAC78000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
B72E1000 - \SystemRoot\system32\DRIVERS\rdbss.sys
B7272000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
B7242000 - \??\C:\WINDOWS\system32\drivers\klif.sys
BA938000 - \??\C:\WINDOWS\system32\drivers\ikhlayer.sys
BAC80000 - \??\C:\WINDOWS\system32\drivers\ikhfile.sys
BA948000 - \SystemRoot\System32\Drivers\Fips.SYS
BA968000 - \SystemRoot\system32\drivers\LVUSBSta.sys
B750D000 - \SystemRoot\system32\DRIVERS\usbscan.sys
BAC90000 - \SystemRoot\system32\DRIVERS\usbprint.sys
BAC98000 - \SystemRoot\system32\DRIVERS\HPZius12.sys
B7505000 - \SystemRoot\system32\DRIVERS\mouhid.sys
BA978000 - \SystemRoot\system32\DRIVERS\HPZid412.sys
B7501000 - \SystemRoot\system32\DRIVERS\HPZipr12.sys
BAA28000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B6F08000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BAE2C000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B74DD000 - \SystemRoot\System32\drivers\Dxapi.sys
BACA8000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAF30000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
B6F80000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B6B93000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B693C000 - \SystemRoot\System32\Drivers\Fastfat.SYS
B6A37000 - \SystemRoot\System32\Drivers\Aspi32.SYS
B670A000 - \SystemRoot\system32\DRIVERS\srv.sys
B6655000 - \SystemRoot\system32\drivers\wdmaud.sys
BA928000 - \SystemRoot\system32\drivers\sysaudio.sys
BAFCF000 - \??\C:\WINDOWS\TEMP\mc21.tmp
BADFC000 - \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
B627F000 - \SystemRoot\System32\Drivers\HTTP.sys
B5FD5000 - \SystemRoot\system32\drivers\kmixer.sys
BAF38000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 129
Liste des programmes installes
Archiveur WinRAR
Attansic L1 Gigabit Ethernet Driver
AudioCatalyst
AVG Anti-Rootkit Free
Azureus
BSPlayer
Coffret de pilotes Logitech QuickCam
FairStars Audio Converter 1.55
Foxit Reader
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 12
Kaspersky Anti-Virus 6.0
Kaspersky Anti-Virus 6.0
Kaspersky Online Scanner
Kingdia Video to AVI DIVX WMV DVD MOV ASF MPEG FLV Converter V1
Logitech QuickCam
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Windows XP (KB923689)
Mozilla Firefox (2.0.0.11)
MP3Producer
Navilog1 3.4.0
Nero 8 Lite 8.1.1.0
NVIDIA Drivers
PowerDVD
PowerDVD
RealPlayer
Realtek High Definition Audio Driver
RegSupreme Pro 1.4
Remove DivX Codec
Sophos Anti-Rootkit 1.3.1
Spyware Doctor 4.0
Teleport Pro
TOEIC Mastery version 1.2
VoipDiscount
WebFldrs XP
WellGet
Winamp (remove only)
WinAVI Video Converter
Window Washer
Windows Live Messenger
ZoneAlarm Pro
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E024-22FA
Répertoire de C:\Program Files
15/01/2008 22:40 <REP> .
15/01/2008 22:40 <REP> ..
19/11/2007 23:08 <REP> ALA
13/01/2008 23:47 <REP> Avira GmbH
27/10/2007 00:09 <REP> Azureus
16/10/2007 15:21 <REP> ComPlus Applications
18/10/2007 18:09 <REP> CyberLink
21/10/2007 19:25 <REP> DAEMON Tools
22/11/2007 05:11 <REP> DivX
26/10/2007 23:16 <REP> Download Direct
21/11/2007 03:15 <REP> Electronic Arts
15/01/2008 00:24 <REP> Error Repair Professional
12/01/2008 00:53 <REP> FairStars Audio Converter
23/11/2007 01:30 <REP> Fichiers communs
22/11/2007 00:38 <REP> Foxit Software
13/01/2008 23:53 <REP> GRISOFT
26/10/2007 21:57 <REP> Intel
16/10/2007 15:25 <REP> Internet Explorer
17/10/2007 15:51 <REP> Java
17/10/2007 12:23 <REP> Kaspersky Lab
16/11/2007 01:54 <REP> Kingdia Software
04/01/2008 20:08 <REP> Logitech
18/10/2007 13:43 <REP> Marvell
16/10/2007 15:24 <REP> microsoft frontpage
18/10/2007 13:53 <REP> Microsoft Office
21/10/2007 19:28 <REP> Midway Home Entertainment
16/10/2007 15:22 <REP> Movie Maker
18/01/2008 21:15 <REP> Mozilla Firefox
12/01/2008 00:48 <REP> MP3Producer
16/10/2007 15:24 <REP> msn gaming zone
17/10/2007 15:56 <REP> MSN Messenger
15/01/2008 22:43 <REP> Navilog1
23/11/2007 01:31 <REP> Nero
16/10/2007 15:24 <REP> netmeeting
16/10/2007 15:22 <REP> Outlook Express
18/10/2007 16:18 <REP> Real
17/10/2007 12:08 <REP> Realtek
18/10/2007 13:43 <REP> RegSupreme Pro
16/10/2007 15:23 <REP> Services en ligne
14/01/2008 23:18 <REP> Sophos
02/01/2008 18:30 <REP> Spyware Doctor
13/01/2008 22:33 <REP> Teleport Pro
31/12/2007 19:33 <REP> VoipDiscount.com
17/10/2007 16:00 <REP> Webroot
17/10/2007 15:52 <REP> Webteh
26/10/2007 22:31 <REP> WellGet
13/01/2008 17:49 <REP> Winamp
21/11/2007 20:50 <REP> WinAVI Video Converter
16/10/2007 15:25 <REP> Windows Media Player
16/10/2007 15:24 <REP> Windows NT
27/10/2007 14:12 <REP> WinRAR
16/10/2007 15:24 <REP> xerox
12/01/2008 00:18 <REP> Xing
17/10/2007 12:32 <REP> Zone Labs
0 fichier(s) 0 octets
54 Rép(s) 150 107 103 232 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E024-22FA
Répertoire de C:\Program Files\fichiers communs
23/11/2007 01:30 <REP> .
23/11/2007 01:30 <REP> ..
18/10/2007 13:53 <REP> DESIGNER
15/11/2007 00:54 <REP> InstallShield
17/10/2007 15:50 <REP> Java
04/01/2008 20:10 <REP> LogiShrd
21/10/2007 19:28 <REP> Microsoft Shared
16/10/2007 15:22 <REP> MSSoap
23/11/2007 01:31 <REP> Nero
16/10/2007 17:17 <REP> ODBC
18/10/2007 16:18 <REP> Real
16/10/2007 15:22 <REP> Services
16/10/2007 17:17 <REP> SpeechEngines
16/10/2007 15:22 <REP> System
17/10/2007 16:00 <REP> Webroot Shared
18/10/2007 16:18 <REP> xing shared
0 fichier(s) 0 octets
16 Rép(s) 150 107 103 232 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E024-22FA
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
18/10/2007 13:53 <REP> .
18/10/2007 13:53 <REP> ..
18/10/2007 13:53 <REP> 1033
18/10/2007 13:53 <REP> 1036
11/07/2003 09:15 1 292 872 MSONSEXT.DLL
15/07/2003 05:52 35 896 MSOSV.DLL
03/06/1999 11:09 122 937 MSOWS409.DLL
07/03/2001 06:00 127 033 MSOWS40c.DLL
11/07/2003 01:25 80 448 PKMWS.DLL
5 fichier(s) 1 659 186 octets
4 Rép(s) 150 107 103 232 octets libres
Attention : C:\autorun.inf existe
c:\Documents and Settings\XP\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.2.exe
c:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\77grefef.default\FlashGot.exe
c:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\77grefef.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
c:\Documents and Settings\XP\Bureau\ComboFix.exe
c:\Documents and Settings\XP\Bureau\Flash_Disinfector.exe
c:\Documents and Settings\XP\Bureau\Navilog1.exe
c:\Documents and Settings\XP\Bureau\vundofix_vundofix_6.5.4_anglais_25107.exe
c:\Documents and Settings\XP\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\XP\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\XP\Bureau\Error Repair Professional 3.7.7\erpsetup.exe
c:\Documents and Settings\XP\Mes documents\Nouveau dossier\HHHH.exe
c:\Documents and Settings\XP\Mes documents\Nouveau dossier\sarsfx.exe
c:\Documents and Settings\XP\Mes documents\Nouveau dossier\VirtualDub-1.7.7\auxsetup.exe
c:\Documents and Settings\XP\Mes documents\Nouveau dossier\VirtualDub-1.7.7\vdub.exe
c:\Documents and Settings\XP\Mes documents\Nouveau dossier\VirtualDub-1.7.7\VirtualDub.exe
c:\Documents and Settings\XP\Mes documents\Nouveau dossier\voip vers fixe gratuit\setupvoipdiscount.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll
c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll
c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\VMSEF.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\77grefef.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
****** Fin du rapport DiagHelp