Hi,
wow, this log is long... here's the story:
------------
DiagHelp version v1.4 - http://www.malekal.com
excute le 14.01.2008 22:35:42.78
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->14.01.2008 22:35:36
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->14.01.2008 22:35:34
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->14.01.2008 22:35:00
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->14.01.2008 22:33:58
C:\WINDOWS\prefetch\DEVLDR32.EXE-2CF621DF.pf -->14.01.2008 22:33:16
C:\WINDOWS\prefetch\HPRBLOG.EXE-338DD722.pf -->14.01.2008 22:29:02
C:\WINDOWS\prefetch\RUNDLL32.EXE-377CD6D8.pf -->14.01.2008 22:25:48
C:\WINDOWS\prefetch\RUNDLL32.EXE-290419AF.pf -->14.01.2008 22:25:36
C:\WINDOWS\prefetch\RUNDLL32.EXE-1529F0CC.pf -->14.01.2008 22:25:33
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->14.01.2008 22:24:13
C:\WINDOWS\System32\drivers\secdrv.sys -->13.11.2007 11:25:54
C:\WINDOWS\System32\drivers\tcpip.sys -->30.10.2007 18:20:55
C:\WINDOWS\System32\drivers\avipbb.sys -->13.10.2007 17:45:11
C:\WINDOWS\System32\drivers\oobctm.sys -->28.06.2007 20:20:42
C:\WINDOWS\System32\drivers\update.sys -->23.04.2007 11:32:54
C:\WINDOWS\System32\drivers\ssmdrv.sys -->01.03.2007 09:34:36
C:\WINDOWS\System32\drivers\avgntdd.sys -->27.02.2007 14:18:30
C:\WINDOWS\System32\oodbs.lor -->14.01.2008 22:16:38
C:\WINDOWS\System32\wpa.dbl -->14.01.2008 21:59:06
C:\WINDOWS\System32\tmp.txt -->14.01.2008 21:11:10
C:\WINDOWS\System32\tmp.reg -->14.01.2008 21:11:10
C:\WINDOWS\System32\PerfStringBackup.INI -->11.01.2008 11:59:10
C:\WINDOWS\System32\perfh00C.dat -->11.01.2008 11:59:10
C:\WINDOWS\System32\perfh009.dat -->11.01.2008 11:59:10
C:\WINDOWS\System32\perfc00C.dat -->11.01.2008 11:59:10
C:\WINDOWS\System32\perfc009.dat -->11.01.2008 11:59:10
C:\WINDOWS\System32\MRT.exe -->02.01.2008 10:21:38
C:\WINDOWS\System32\TZLog.log -->12.12.2007 19:33:13
C:\WINDOWS\System32\FNTCACHE.DAT -->16.11.2007 10:07:21
C:\WINDOWS\System32\CONFIG.NT -->15.11.2007 13:15:13
C:\WINDOWS\System32\tzchange.exe -->13.11.2007 12:31:11
C:\WINDOWS\System32\lsasrv.dll -->07.11.2007 10:28:31
C:\WINDOWS\System32\quartz.dll -->29.10.2007 23:43:32
C:\WINDOWS\System32\xpsp3res.dll -->29.10.2007 16:35:14
C:\WINDOWS\System32\shell32.dll -->25.10.2007 17:56:24
C:\WINDOWS\System32\wmasf.dll -->20.10.2007 06:01:32
C:\WINDOWS\System32\tmpC2D04.FOT -->18.10.2007 12:55:18
C:\WINDOWS\System32\shlwapi.dll -->11.10.2007 07:13:41
C:\WINDOWS\System32\shdocvw.dll -->11.10.2007 07:13:40
C:\WINDOWS\System32\danim.dll -->11.10.2007 07:13:38
C:\WINDOWS\System32\cdfview.dll -->11.10.2007 07:13:38
C:\WINDOWS\System32\browseui.dll -->11.10.2007 07:13:38
C:\WINDOWS\pfirewall.log -->14.01.2008 22:35:35
C:\WINDOWS\spupdsvc.log -->14.01.2008 22:17:08
C:\WINDOWS\wiadebug.log -->14.01.2008 22:17:04
C:\WINDOWS\WindowsUpdate.log -->14.01.2008 22:17:03
C:\WINDOWS\wiaservc.log -->14.01.2008 22:17:02
C:\WINDOWS\0.log -->14.01.2008 22:17:02
C:\WINDOWS\bootstat.dat -->14.01.2008 22:16:45
C:\WINDOWS\SchedLgU.Txt -->14.01.2008 22:15:47
C:\WINDOWS\ie7_main.log -->14.01.2008 22:03:48
C:\WINDOWS\setupapi.log -->14.01.2008 22:00:12
C:\WINDOWS\tsoc.log -->14.01.2008 22:00:11
C:\WINDOWS\ocmsn.log -->14.01.2008 22:00:11
C:\WINDOWS\ntdtcsetup.log -->14.01.2008 22:00:11
C:\WINDOWS\imsins.log -->14.01.2008 22:00:11
C:\WINDOWS\iis6.log -->14.01.2008 22:00:11
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1540
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x771b0000 0xce000 7.00.5730.0011 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x61410000 0x124000 7.00.5730.0011 C:\WINDOWS\system32\urlmon.dll
0x012b0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x74b30000 0x3b000 7.00.5730.0011 C:\WINDOWS\system32\webcheck.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0xe000 4.00.0000.0026 D:\PROGRAMMES UTILITAIRES\VNC4\wm_hooks.dll
0x02bd0000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
0x02e90000 0x11a000 1.05.0000.0008 D:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x00d90000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x5b660000 0xd000 6.00.3800.2180 C:\WINDOWS\System32\twext.dll
0x086d0000 0x247000 10.00.0000.4054 C:\WINDOWS\system32\wmvcore.dll
0x070d0000 0x3b000 10.00.0000.4060 C:\WINDOWS\system32\WMASF.DLL
0x03b90000 0x63000 1.03.0012.0001 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll
0x03480000 0x28000 1.03.0004.0000 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll
0x03d00000 0x27d000 4.00.0011.0021 D:\PROGRAMMES UTILITAIRES\R-Wipe&Clean\RWipe.dll
0x01960000 0x11000 7.00.0000.0010 D:\AntiVir PersonalEdition Classic\shlext.dll
0x03f80000 0x102000 7.10.3077.0000 D:\AntiVir PersonalEdition Classic\MFC71U.DLL
0x04090000 0x87000 10.00.0002.3363 D:\PROGRA~1\OOSOFT~1\OODEFR~1\oodsh.dll
0x03510000 0x4b000 10.00.0012.1681 D:\PROGRA~1\OOSOFT~1\OODEFR~1\OODSHRS.DLL
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 432
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x10000 6.14.0010.4118 C:\WINDOWS\system32\Ati2evxx.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\WINDOWS\system
16.06.1995 02:03 4'160 QTNOTIFY.EXE
1 fichier(s) 4'160 octets
0 Rp(s) 8'196'055'040 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\WINDOWS\system32
20.08.2004 00:09 6'144 csrss.exe
1 fichier(s) 6'144 octets
0 Rp(s) 8'196'055'040 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\WINDOWS\Downloaded Program Files
14.01.2008 12:36 <REP> .
14.01.2008 12:36 <REP> ..
20.01.2005 13:53 171 ampx.inf
25.08.2004 22:49 65 desktop.ini
16.03.2004 19:13 365 f3initialsetup1.0.0.8.inf
04.06.2004 09:44 740 jinstall-1_4_2_05.inf
31.05.2002 08:20 117'328 PURfr-ch.dll
09.11.2006 14:36 5'019 swflash.inf
26.05.2005 03:19 291 wuweb.inf
7 fichier(s) 123'979 octets
Total des fichiers lists:
7 fichier(s) 123'979 octets
2 Rp(s) 8'196'050'944 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\multimdia\\Real\\realplay.exe"="D:\\multimdia\\Real\\realplay.exe:*:Enabled:RealOne Player"
"D:\\PROGRAMMES UTILITAIRES\\VNC4\\winvnc4.exe"="D:\\PROGRAMMES UTILITAIRES\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\multimdia\\limewire\\LimeWire.exe"="D:\\multimdia\\limewire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Programmes bureau\\office\\Office\\1036\\WFXMSRVR.EXE"="D:\\Programmes bureau\\office\\Office\\1036\\WFXMSRVR.EXE:*:Disabled:WFXMSRVR"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\Internet\\Firefox\\firefox.exe"="D:\\Internet\\Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\setup\\HPZNUI01.EXE"="E:\\setup\\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqnrs08.exe"="D:\\materiel\\imprimante HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Dmon de cache des catgories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 22:36:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a550a6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060a550a6]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="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"
"OODEFRAG10.00.00.01WORKSTATION"="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"
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
140 - svchost.exe
192 - tcpsvcs.exe
316 - snmp.exe
384 - svchost.exe
404 - csrss.exe
432 - winlogon.exe
476 - services.exe
488 - lsass.exe
672 - ati2evxx.exe
684 - svchost.exe
768 - svchost.exe
776 - devldr32.exe
812 - svchost.exe
920 - svchost.exe
1172 - avguard.exe
1264 - winvnc4.exe
1352 - hpqste08.exe
1508 - ati2evxx.exe
1540 - explorer.exe
1768 - PhotoshopElemen
1820 - sched.exe
1832 - AppleMobileDevi
1924 - svchost.exe
1952 - svchost.exe
1980 - svchost.exe
2012 - oodag.exe
2080 - alg.exe
2324 - CLI.exe
2332 - avgnt.exe
2384 - hpwuSchd2.exe
2412 - oodtray.exe
2420 - Application Lau
2480 - WN311T.exe
2516 - apdproxy.exe
2564 - CapabilityManag
2876 - realsched.exe
2972 - TeaTimer.exe
2984 - msnmsgr.exe
2992 - ctfmon.exe
3068 - hpqtra08.exe
3588 - cmd.exe
3600 - Generic.exe
Total number of processes = 43
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F8C75000 - \WINDOWS\system32\KDCOM.DLL
F8B85000 - \WINDOWS\system32\BOOTVID.dll
F8725000 - ACPI.sys
F8C77000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F8714000 - pci.sys
F8775000 - isapnp.sys
F8C79000 - intelide.sys
F89F5000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F8785000 - MountMgr.sys
F86F5000 - ftdisk.sys
F89FD000 - PartMgr.sys
F8B89000 - IdeBusDr.sys
F8795000 - VolSnap.sys
F86DD000 - atapi.sys
F86C5000 - IdeChnDr.sys
F87A5000 - disk.sys
F87B5000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F86A5000 - fltmgr.sys
F8693000 - sr.sys
F87C5000 - PxHelp20.sys
F867C000 - KSecDD.sys
F85EF000 - Ntfs.sys
F85C2000 - NDIS.sys
F85A7000 - Mup.sys
F87D5000 - agp440.sys
F89B5000 - \SystemRoot\System32\DRIVERS\processr.sys
F7D8B000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F7D77000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8A75000 - \SystemRoot\System32\DRIVERS\usbohci.sys
F7D54000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F8A7D000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F7C96000 - \SystemRoot\system32\drivers\emu10k1f.sys
F7C72000 - \SystemRoot\system32\drivers\portcls.sys
F89C5000 - \SystemRoot\system32\drivers\drmk.sys
F7863000 - \SystemRoot\system32\drivers\ks.sys
F8199000 - \SystemRoot\system32\drivers\sfman.sys
F8CDB000 - \SystemRoot\system32\drivers\ctlface.sys
F8E10000 - \SystemRoot\System32\DRIVERS\ctljystk.sys
F8C09000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F5DEB000 - \SystemRoot\system32\DRIVERS\NETMW145.sys
F8A05000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS
F8A0D000 - \SystemRoot\System32\DRIVERS\fdc.sys
F5DD7000 - \SystemRoot\System32\DRIVERS\parport.sys
F5DC6000 - \SystemRoot\System32\DRIVERS\serial.sys
F8C0D000 - \SystemRoot\System32\DRIVERS\serenum.sys
F72B7000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F8A15000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F72A7000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7297000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7287000 - \SystemRoot\System32\DRIVERS\redbook.sys
F8A1D000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
F8A25000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F8CDD000 - \SystemRoot\System32\DRIVERS\serscan.sys
F8E11000 - \SystemRoot\System32\DRIVERS\audstub.sys
F7277000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F8C1D000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F5D37000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F7267000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F7257000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F8A2D000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F5D26000 - \SystemRoot\System32\DRIVERS\psched.sys
F702F000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F8A4D000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F8A55000 - \SystemRoot\System32\DRIVERS\raspti.sys
F701F000 - \SystemRoot\System32\DRIVERS\termdd.sys
F8A5D000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F8CDF000 - \SystemRoot\System32\DRIVERS\swenum.sys
F5BC3000 - \SystemRoot\System32\DRIVERS\update.sys
F8C31000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F700F000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F8CE1000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F6FFF000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8C8F000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8D87000 - \SystemRoot\System32\Drivers\Null.SYS
F8C91000 - \SystemRoot\System32\Drivers\Beep.SYS
B83B6000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
B83AE000 - \SystemRoot\System32\drivers\vga.sys
F8C93000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8C95000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
B83A6000 - \SystemRoot\System32\Drivers\Msfs.SYS
B839E000 - \SystemRoot\System32\Drivers\Npfs.SYS
B81FE000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B79C7000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B796F000 - \SystemRoot\System32\DRIVERS\tcpip.sys
B7947000 - \SystemRoot\System32\DRIVERS\netbt.sys
B7925000 - \SystemRoot\System32\drivers\afd.sys
B8AF5000 - \SystemRoot\System32\DRIVERS\netbios.sys
B811A000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
B78FA000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B788B000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
B8AE5000 - \SystemRoot\System32\Drivers\Fips.SYS
B786A000 - \SystemRoot\System32\DRIVERS\ipnat.sys
B8AD5000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B7AB8000 - \SystemRoot\System32\DRIVERS\hidusb.sys
B8AC5000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
F5CAC000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F8CCF000 - \??\D:\AntiVir PersonalEdition Classic\avgio.sys
BAF19000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
B4E89000 - \SystemRoot\System32\DRIVERS\mouhid.sys
B3458000 - \SystemRoot\System32\Drivers\ov519vid.sys
B964E000 - \SystemRoot\System32\Drivers\STREAM.SYS
BAF11000 - \SystemRoot\System32\Drivers\ov519cmd.sys
B8CB6000 - \SystemRoot\system32\drivers\usbaudio.sys
B8CA6000 - \SystemRoot\System32\Drivers\Cdfs.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B4928000 - \SystemRoot\System32\drivers\Dxapi.sys
B9269000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F8DDD000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA0C000 - \SystemRoot\System32\ati2cqag.dll
BFA40000 - \SystemRoot\System32\atikvmag.dll
BFA75000 - \SystemRoot\System32\ati3duag.dll
BFCB7000 - \SystemRoot\System32\ativvaxx.dll
F8C65000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B142B000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
B13EE000 - \SystemRoot\system32\drivers\wdmaud.sys
F741C000 - \SystemRoot\system32\drivers\sysaudio.sys
B126B000 - \??\D:\AntiVir PersonalEdition Classic\avgntflt.sys
F8D39000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F8CD7000 - \??\C:\WINDOWS\System32\PfModNT.sys
B1151000 - \SystemRoot\System32\DRIVERS\srv.sys
B84F2000 - \SystemRoot\System32\DRIVERS\secdrv.sys
B0CB0000 - \SystemRoot\System32\Drivers\HTTP.sys
F8DBF000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 127
Liste des programmes installes
32 Bit HP CIO Components Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Photoshop Elements 5.0
AIO_Scan
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
ArcSoft PhotoImpression
Asynx Planetarium Version 1.31
ATI - Utilitaire de dsinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
AusLogics Registry Defrag
Avira AntiVir PersonalEdition Classic
Beneton Movie GIF 1.1.1
BufferChm
C4380
C4380_doccd
C4380_Help
CCleaner (remove only)
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocProcQFolder
Encyclopdie Microsoft Encarta 97
eSupportQFolder
Fax
Foxit Reader
Google Earth
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
Intel Application Accelerator
iPod for Windows 2005-02-07
iPod for Windows 2005-02-07
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_05
jv16 PowerTools 1.3
Kaspersky Online Scanner
Lecteur Windows Media10
Les Sims 2
LimeWire 4.14.10
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office PowerPoint Viewer 2003
Microsoft Plus! pour Windows XP
Microsoft Zoo Tycoon
Mise jour de scurit pour Windows XP (KB941644)
Mise jour de scurit pour Windows XP (KB943485)
Mise jour pour Windows XP (KB946627)
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Navilog1 3.4.0
Nero 7 Essentials
neroxml
NetDeviceManager
NETGEAR WN311T Wireless PCI Adapter
Nikon Message Center
O&O Defrag Professional Edition
PanoStandAlone
Photorcit 3 pour Windows
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
R-Wipe&Clean 4.0
RealOne Player
RollerCoaster Tycoon 2
Sauvegarde des Dossiers personnels Microsoft Outlook
Scan
SolutionCenter
Sony Ericsson PC Suite
Sound Blaster Live!
Spybot - Search & Destroy
Status
Stellarium 0.8.0
SUPER Version 2007.bld.23 (July 4, 2007)
Toolbox
TrayApp
Trust 320 SpaceCam
TuneXP 1.5
Tweakui Powertoy for Windows XP
UnloadSupport
VideoLAN VLC media player 0.8.6c
VideoToolkit01
VNC Free Edition 4.1.1
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format Runtime
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\Program Files
14.01.2008 22:00 <REP> .
14.01.2008 22:00 <REP> ..
15.11.2007 15:32 <REP> Adobe
05.08.2007 10:45 <REP> Apple Software Update
31.03.2006 12:29 <REP> ArcSoft
27.12.2005 13:01 <REP> ATI Technologies
15.10.2007 19:00 <REP> AviSynth 2.5
18.03.2006 16:19 <REP> BeInSync
23.12.2004 14:50 <REP> Common Files
23.12.2004 14:50 <REP> Creative
23.12.2004 14:50 <REP> Dictionnaire
04.02.2007 19:06 <REP> DivX
13.01.2008 17:34 <REP> EPSON
12.01.2008 16:30 <REP> Fichiers communs
12.01.2008 15:53 <REP> Google
17.01.2005 17:32 <REP> Hasbro Interactive
13.01.2008 20:13 <REP> Hewlett-Packard
18.12.2007 18:20 <REP> HP
19.03.2006 17:21 <REP> Infogrames
14.01.2008 22:16 <REP> Internet Explorer
05.08.2007 10:49 <REP> iPod
05.08.2007 10:49 <REP> iTunes
21.03.2006 20:14 <REP> Java
12.02.2005 23:19 <REP> Messenger
13.01.2008 17:39 <REP> Messenger Plus! 3
31.07.2007 18:47 <REP> Messenger Plus! Live
23.11.2004 14:59 <REP> microsoft frontpage
09.03.2006 15:56 <REP> Microsoft Office
28.12.2004 12:10 <REP> Microsoft Plus!
26.08.2004 07:45 <REP> Microsoft Visual Studio
12.11.2007 19:44 <REP> Movie Maker
25.08.2004 22:46 <REP> MSN Gaming Zone
14.01.2008 21:56 <REP> MSN Messenger
14.01.2008 19:49 <REP> Navilog1
07.09.2004 15:14 <REP> NetMeeting
13.06.2007 20:39 <REP> Outlook Express
16.11.2006 20:13 <REP> Photo Story 3 for Windows
02.09.2005 11:47 <REP> Planetarium0131
05.08.2007 10:48 <REP> QuickTime
23.11.2004 16:17 <REP> Snapshot Viewer
22.04.2007 10:57 <REP> Sony Ericsson
28.06.2006 16:32 <REP> Stellarium
28.12.2004 12:09 <REP> Visualizations
13.01.2008 19:02 <REP> Windows Live
16.02.2006 21:27 <REP> Windows Media Player
07.09.2004 15:13 <REP> Windows NT
25.08.2004 22:50 <REP> xerox
0 fichier(s) 0 octets
47 Rp(s) 8'196'734'976 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\Program Files\fichiers communs
12.01.2008 16:30 <REP> .
12.01.2008 16:30 <REP> ..
15.11.2007 15:30 <REP> Adobe
15.11.2007 14:50 <REP> Ahead
05.08.2007 10:44 <REP> Apple
26.08.2004 07:45 <REP> Designer
26.08.2004 07:26 <REP> EPSON
18.12.2007 18:19 <REP> Hewlett-Packard
18.12.2007 18:19 <REP> HP
31.03.2006 12:30 <REP> InstallShield
06.04.1999 13:27 99'840 IRAABOUT.DLL
09.12.1998 03:53 48'640 IRALPTTR.DLL
09.12.1998 03:53 70'144 IRAMDMTR.DLL
09.12.1998 03:53 186'368 IRAREG.DLL
09.12.1998 03:53 17'920 IRASRIAL.DLL
09.12.1998 03:53 31'744 IRAWEBTR.DLL
26.08.2004 22:47 <REP> Java
13.01.2008 19:02 <REP> Microsoft Shared
25.08.2004 22:48 <REP> MSSoap
15.11.2007 15:21 <REP> Nikon
08.07.2005 12:11 <REP> Nullsoft
28.08.2004 15:17 <REP> Real
25.08.2004 22:48 <REP> Services
25.08.2004 23:39 <REP> SpeechEngines
26.12.2006 18:31 <REP> SWF Studio
13.06.2007 20:39 <REP> System
22.04.2007 10:58 <REP> Teleca Shared
28.08.2004 15:17 <REP> xing shared
6 fichier(s) 454'656 octets
22 Rp(s) 8'196'730'880 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
27.08.2004 14:21 <REP> .
27.08.2004 14:21 <REP> ..
26.08.2004 09:40 <REP> 1033
26.08.2004 09:40 <REP> 1036
26.03.2003 03:38 1'327'104 MSONSEXT.DLL
13.02.2001 07:23 58'784 MSOSV.DLL
03.06.1999 13:09 122'937 MSOWS409.DLL
07.03.2001 08:00 127'033 MSOWS40c.DLL
06.08.2000 08:04 401'462 MSVCP60.DLL
22.01.2001 02:25 69'632 PKMAXCTL.DLL
22.01.2001 02:25 872'448 PKMCDO.DLL
22.01.2001 02:25 159'744 PKMCORE.DLL
07.02.2001 08:59 106'496 PKMFORMS.DLL
12.02.2001 03:03 684'032 PKMRES.DLL
22.01.2001 02:25 28'672 PKMSSTLB.DLL
22.01.2001 02:25 40'960 PKMTEMPL.DLL
22.01.2001 02:25 24'576 PKMTRACE.DLL
22.01.2001 02:25 86'016 PKMWS.DLL
22.01.2001 02:25 237'568 PROMDEMO.DLL
18.03.1999 05:37 593'977 RAGENT.DLL
22.01.2001 02:25 184'320 SECMGR.DLL
22.01.2001 02:25 323'584 VAIDDMGR.DLL
22.01.2001 02:25 32'768 VAIMEM.DLL
19 fichier(s) 5'482'113 octets
4 Rp(s) 8'196'730'880 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\Program Files\common files
23.12.2004 14:50 <REP> .
23.12.2004 14:50 <REP> ..
26.08.2004 09:44 <REP> Microsoft Shared
0 fichier(s) 0 octets
3 Rp(s) 8'196'730'880 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\
14.01.2008 21:16 252'928 RHosts.exe
14.01.2008 21:05 1'129'580 SmitfraudFix.exe
24.05.2001 12:59 162'304 UNWISE.EXE
3 fichier(s) 1'544'812 octets
0 Rp(s) 8'196'730'880 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numro de srie du volume est 000A-25A3
Rpertoire de C:\
c:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\5.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe
c:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\5.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Documents\RegSeeker\RegSeeker.exe
c:\Documents and Settings\Aurlie\.limewire\.NetworkShare\LimeWireWin4.16.2.exe
c:\Documents and Settings\Aurlie\Application Data\Mozilla\Firefox\Profiles\0t2d83lx.default\FlashGot.exe
c:\Documents and Settings\Aurlie\Bureau\Navilog1.exe
c:\Documents and Settings\Aurlie\Bureau\clean\gzip.exe
c:\Documents and Settings\Aurlie\Bureau\clean\LFiles.exe
c:\Documents and Settings\Aurlie\Bureau\clean\pskill.exe
c:\Documents and Settings\Aurlie\Bureau\clean\tar.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Aurlie\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Aurlie\Bureau\MSNFix\MSNFix\incl\MD5File.exe
c:\Documents and Settings\Aurlie\Bureau\MSNFix\MSNFix\incl\msnchk.exe
c:\Documents and Settings\Aurlie\Bureau\MSNFix\MSNFix\incl\Process.exe
c:\Documents and Settings\Aurlie\Bureau\MSNFix\MSNFix\incl\swreg.exe
c:\Documents and Settings\Aurlie\Bureau\MSNFix\MSNFix\incl\zip.exe
c:\Documents and Settings\Aurlie\Local Settings\Temp\{E36DB292-0D68-4E43-91CD-F2651A72332A}\RemoveInf.exe
c:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll
c:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4777e25c\UPDENGVDFTEST\avewin32.dll
c:\Documents and Settings\All Users\Application Data\BeInSync Settings\mfc71u.dll
c:\Documents and Settings\All Users\Application Data\BeInSync Settings\msvcr71.dll
c:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data\hpqd_cul_s.dll
c:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data\Destination\aiopfl.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\Aurlie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Aurlie\Application Data\Mozilla\Firefox\Profiles\0t2d83lx.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
-------------------
Let's see what comes out of it...
By the way, in case it helps: when I sign in with WLM it naturally doesn't work, and I use the small built-in diagnostic program, which tells me that the hosts file is corrupted. I already repaired it, though, with a small program called hoster (unless I'm mistaken), but no luck at all!