Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (
---------------------------------------------
DiagHelp version v1.3 - http://www.malekal.com
excute le 08/11/2007 à 20:29:58,74
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\MSNAPPAU.EXE-17A3A6E5.pf -->08/11/2007 20:20:20
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->08/11/2007 20:19:50
C:\WINDOWS\prefetch\AVAST.SETUP-295443AF.pf -->08/11/2007 20:13:52
C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->08/11/2007 19:59:02
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->08/11/2007 19:53:42
C:\WINDOWS\prefetch\MSIEXEC.EXE-330626DC.pf -->08/11/2007 19:49:40
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->08/11/2007 18:19:37
C:\WINDOWS\prefetch\SETUP.OVR-1ABDA79A.pf -->08/11/2007 18:00:52
C:\WINDOWS\prefetch\SLLIGHTS.EXE-2652C9D1.pf -->08/11/2007 17:53:21
C:\WINDOWS\prefetch\WATCH.EXE-27B8EEDC.pf -->08/11/2007 17:53:06
C:\WINDOWS\System32\drivers\avipbb.sys -->06/11/2007 23:22:52
C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11
C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19
C:\WINDOWS\System32\drivers\ssmdrv.sys -->01/03/2007 10:34:36
C:\WINDOWS\System32\drivers\ZDPSp50a64.sys -->18/01/2006 14:09:40
C:\WINDOWS\System32\drivers\ZDPSp50.sys -->18/01/2006 14:09:40
C:\WINDOWS\System32\drivers\BRGSp50a64.sys -->18/01/2006 14:09:40
C:\WINDOWS\System32\CONFIG.NT -->08/11/2007 20:14:49
C:\WINDOWS\System32\Status.MPF -->08/11/2007 19:48:41
C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 12:47:18
C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 12:47:18
C:\WINDOWS\System32\perfh009.dat -->28/10/2007 12:47:18
C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 12:47:18
C:\WINDOWS\System32\perfc009.dat -->28/10/2007 12:47:18
C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->24/10/2007 18:06:31
C:\WINDOWS\System32\wpa.dbl -->30/09/2007 16:07:04
C:\WINDOWS\System32\javaws.exe -->24/09/2007 22:31:42
C:\WINDOWS\System32\javacpl.cpl -->24/09/2007 22:31:42
C:\WINDOWS\System32\javaw.exe -->24/09/2007 21:30:30
C:\WINDOWS\System32\java.exe -->24/09/2007 21:30:28
C:\WINDOWS\System32\FNTCACHE.DAT -->08/09/2007 09:41:30
C:\WINDOWS\System32\CmdLineExt03.dll -->22/02/2007 17:24:34
C:\WINDOWS\System32\nscompat.tlb -->09/02/2007 23:07:49
C:\WINDOWS\System32\amcompat.tlb -->09/02/2007 23:07:49
C:\WINDOWS\System32\CmdLineExt.dll -->29/01/2007 20:23:44
C:\WINDOWS\System32\sirenacm.dll -->19/01/2007 12:53:04
C:\WINDOWS\System32\SIntfNT.dll -->18/01/2007 18:08:02
C:\WINDOWS\System32\SIntf32.dll -->18/01/2007 18:08:02
C:\WINDOWS\System32\SIntf16.dll -->18/01/2007 18:08:01
C:\WINDOWS\System32\lvcoinst.log -->02/01/2007 12:17:40
C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -->30/12/2006 10:53:36
C:\WINDOWS\System32\LegitCheckControl.DLL -->12/12/2006 10:45:04
C:\WINDOWS\0.log -->08/11/2007 17:41:12
C:\WINDOWS\wiadebug.log -->08/11/2007 17:40:42
C:\WINDOWS\wiaservc.log -->08/11/2007 17:40:35
C:\WINDOWS\bootstat.dat -->08/11/2007 17:39:18
C:\WINDOWS\SchedLgU.Txt -->07/11/2007 22:03:27
C:\WINDOWS\DPINST.LOG -->07/11/2007 14:52:32
C:\WINDOWS\wmsetup.log -->06/11/2007 17:35:09
C:\WINDOWS\setupapi.log -->05/11/2007 19:57:24
C:\WINDOWS\mozver.dat -->04/11/2007 10:42:46
C:\WINDOWS\nsreg.dat -->01/11/2007 22:46:54
C:\WINDOWS\win.ini -->01/11/2007 22:05:24
C:\WINDOWS\WindowsUpdate.log -->01/11/2007 20:34:57
C:\WINDOWS\tsoc.log -->13/08/2007 10:32:43
C:\WINDOWS\Q321178.log -->13/08/2007 10:32:43
C:\WINDOWS\ntdtcsetup.log -->13/08/2007 10:32:43
MD5 des fichiers sensibles
tcpip.sys e7774698bb0d14b0710a9a31e209f9b6
ndis.sys 3efd4f59ba0a340de0a3ab984001dbf7
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 333a4db8410d8e24db06d6aebecdc7c2
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 192
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xf8000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x64000 6.00.2750.0167 C:\WINDOWS\system32\SHLWAPI.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x71500000 0xfd000 6.00.2737.1600 C:\WINDOWS\System32\BROWSEUI.dll
0x71700000 0x148000 6.00.2750.0167 C:\WINDOWS\System32\SHDOCVW.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x71950000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x7c620000 0x81000 2001.12.4414.0053 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x00e20000 0x17000 9.05.0000.1098 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\ACTXPRXY.DLL
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\MLANG.dll
0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x76250000 0x8a000 5.131.2600.1123 C:\WINDOWS\system32\CRYPT32.dll
0x10000000 0x13000 4.00.0000.0000 C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\MOUDL32A.DLL
0x01110000 0x8000 9.40.0000.0000 C:\PROGRA~1\MOUSEW~1\SYSTEM\LgMousHk.dll
0x015d0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\System32\msi.dll
0x63000000 0x96000 6.00.2737.0800 C:\WINDOWS\system32\WININET.dll
0x00d80000 0x7000 1.00.0000.0001 C:\PROGRA~1\Wanadoo\Inactivity.dll
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x1a400000 0x7b000 6.00.2745.2300 C:\WINDOWS\system32\urlmon.dll
0x01b80000 0x11000 5.00.0001.1200 C:\WINDOWS\System32\btncopy.dll
0x72380000 0x19000 6.00.2600.0000 C:\WINDOWS\System32\mydocs.dll
0x01be0000 0x8e000 6.00.2715.0400 C:\WINDOWS\System32\shdoclc.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\System32\ODBC32.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
0x70d00000 0x1a0000 5.01.3097.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\gdiplus.dll
0x01ab0000 0x2d000 C:\Program Files\WinRAR\rarext.dll
0x01540000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x01ae0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x01d80000 0x1a000 C:\WINDOWS\System32\CmdLineExt03.dll
0x70ee0000 0x7000 1.01.0000.3917 C:\WINDOWS\System32\asfsipc.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\System32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.6626 C:\WINDOWS\System32\wshext.dll
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 620
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x76250000 0x8a000 5.131.2600.1123 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77290000 0x64000 6.00.2750.0167 C:\WINDOWS\system32\SHLWAPI.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x008f0000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76b70000 0x1f000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\system32\COMRes.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x7c620000 0x81000 2001.12.4414.0053 C:\WINDOWS\System32\CLBCATQ.DLL
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 04F0-DE04
Répertoire de C:\WINDOWS\system32
28/08/2001 11:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 8 943 206 400 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 04F0-DE04
Répertoire de C:\WINDOWS\Downloaded Program Files
30/10/2007 20:27 <REP> .
30/10/2007 20:27 <REP> ..
07/09/2004 12:27 65 desktop.ini
13/04/2007 02:14 382 344 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
16/11/2006 12:35 63 056 MusicManagerUnInstaller.exe
09/11/2006 14:36 5 019 swflash.inf
30/06/2003 22:41 1 689 WMV9VCM.inf
8 fichier(s) 758 195 octets
Total des fichiers listés :
8 fichier(s) 758 195 octets
2 Rép(s) 8 943 206 400 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
192 - explorer.exe
596 - csrss.exe
664 - services.exe
684 - lsass.exe
860 - svchost.exe
884 - svchost.exe
944 - svchost.exe
952 - EM_EXEC.EXE
956 - svchost.exe
1032 - ashServ.exe
1084 - MpfTray.exe
1192 - Toaster.exe
1332 - LVPrcSrv.exe
1352 - avguard.exe
1408 - Inactivity.exe
1624 - incdsrv.exe
1664 - InCD.exe
1668 - slserv.exe
2072 - mouse32a.exe
2100 - PollingModule.e
2352 - avgnt.exe
2424 - BTTray.exe
2444 - ALERTM~1.EXE
3196 - Watch.exe
3840 - GestionnaireInt
4092 - ComComp.exe
15084 - IEXPLORE.EXE
19612 - cmd.exe
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B5000 - \WINDOWS\system32\hal.dll
FCA21000 - \WINDOWS\system32\KDCOM.DLL
FC931000 - \WINDOWS\system32\BOOTVID.dll
FC4D4000 - ACPI.sys
FCA23000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
FC521000 - pci.sys
FC531000 - isapnp.sys
FCA25000 - intelide.sys
FC7A1000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
FC541000 - MountMgr.sys
FC4B5000 - ftdisk.sys
FC7A9000 - PartMgr.sys
FC551000 - VolSnap.sys
FC49F000 - atapi.sys
FC561000 - disk.sys
FC571000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
FC48D000 - sr.sys
FC581000 - avgntmgr.sys
FC479000 - KSecDD.sys
FC3F6000 - Ntfs.sys
FC3CE000 - NDIS.sys
FC3B4000 - Mup.sys
FC5B1000 - \SystemRoot\System32\DRIVERS\p3.sys
FC345000 - \SystemRoot\System32\DRIVERS\i81xnt5.sys
FC5C1000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
FC5D1000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
FC5E1000 - \SystemRoot\System32\DRIVERS\L8042Pr2.sys
FC5F1000 - \SystemRoot\System32\DRIVERS\LMouFlt2.sys
FC7E9000 - \SystemRoot\System32\DRIVERS\mouclass.sys
FCA31000 - \SystemRoot\System32\DRIVERS\LKbdFlt2.sys
FC7F1000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
FC801000 - \SystemRoot\System32\DRIVERS\fdc.sys
FC601000 - \SystemRoot\System32\DRIVERS\serial.sys
FC9B9000 - \SystemRoot\System32\DRIVERS\serenum.sys
FC332000 - \SystemRoot\System32\DRIVERS\parport.sys
FC9C1000 - \SystemRoot\System32\DRIVERS\gameenum.sys
FCB90000 - \SystemRoot\system32\drivers\msmpu401.sys
FC311000 - \SystemRoot\system32\drivers\portcls.sys
FC631000 - \SystemRoot\system32\drivers\drmk.sys
FC2F1000 - \SystemRoot\system32\drivers\ks.sys
FC641000 - \SystemRoot\System32\Drivers\Imapi.SYS
FC651000 - \SystemRoot\System32\DRIVERS\cdrom.sys
FC661000 - \SystemRoot\System32\DRIVERS\redbook.sys
FC821000 - \SystemRoot\System32\DRIVERS\InCDPass.sys
FC829000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
FC2D2000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
FC2BA000 - \SystemRoot\system32\drivers\ac97intc.sys
FC28D000 - \SystemRoot\System32\DRIVERS\slntamr.sys
FC9CD000 - \SystemRoot\System32\DRIVERS\SlWdmSup.sys
FC278000 - \SystemRoot\System32\DRIVERS\Mtlmnt5.sys
FC849000 - \SystemRoot\System32\Drivers\Modem.SYS
FC1AB000 - \SystemRoot\System32\DRIVERS\btkrnl.sys
FCBA4000 - \SystemRoot\System32\DRIVERS\audstub.sys
FC6D1000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
FC9E1000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
FC195000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
FC6E1000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
FC6F1000 - \SystemRoot\System32\DRIVERS\raspptp.sys
FC9F1000 - \SystemRoot\System32\DRIVERS\TDI.SYS
FC0E4000 - \SystemRoot\System32\DRIVERS\psched.sys
FC701000 - \SystemRoot\System32\DRIVERS\msgpc.sys
FC861000 - \SystemRoot\System32\DRIVERS\ptilink.sys
FC871000 - \SystemRoot\System32\DRIVERS\raspti.sys
FC881000 - \SystemRoot\System32\DRIVERS\wanatw4.sys
FC711000 - \SystemRoot\System32\DRIVERS\termdd.sys
FCBAC000 - \SystemRoot\System32\DRIVERS\swenum.sys
FC0C2000 - \SystemRoot\System32\DRIVERS\update.sys
FC721000 - \SystemRoot\System32\Drivers\NDProxy.SYS
FC8D9000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
FC781000 - \SystemRoot\System32\DRIVERS\usbhub.sys
FCA5F000 - \SystemRoot\System32\DRIVERS\USBD.SYS
FC8E9000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F7EEF000 - \SystemRoot\System32\DRIVERS\WlanBZXP.sys
FC611000 - \SystemRoot\system32\drivers\lvusbsta.sys
F7BC5000 - \SystemRoot\System32\DRIVERS\LV302AV.SYS
FC621000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
FCA63000 - \SystemRoot\System32\DRIVERS\lv302af.sys
FC671000 - \SystemRoot\system32\drivers\usbaudio.sys
F79B2000 - \??\C:\WINDOWS\system32\drivers\Lvckap.sys
FC691000 - \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys
FCA6B000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
FCBC1000 - \SystemRoot\System32\Drivers\Null.SYS
FCA6F000 - \SystemRoot\System32\Drivers\Beep.SYS
FC921000 - \SystemRoot\System32\drivers\vga.sys
FCA73000 - \SystemRoot\System32\Drivers\mnmdd.SYS
FCA77000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
FCA7B000 - \SystemRoot\System32\Drivers\InCDrec.SYS
F7939000 - \SystemRoot\System32\Drivers\InCDfs.SYS
FC7D1000 - \SystemRoot\System32\Drivers\Msfs.SYS
FC7E1000 - \SystemRoot\System32\Drivers\Npfs.SYS
FC0AA000 - \SystemRoot\System32\DRIVERS\rasacd.sys
FC6C1000 * --[Hidden]--
F78C2000 * --[Hidden]--
FC185000 - \SystemRoot\System32\Drivers\MpFirewall.sys
FC175000 - \SystemRoot\System32\DRIVERS\wanarp.sys
FC155000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F77FD000 - \SystemRoot\System32\DRIVERS\netbt.sys
FC145000 - \SystemRoot\System32\DRIVERS\netbios.sys
FC831000 - \SystemRoot\System32\DRIVERS\ssmdrv.sys
F77D5000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F7775000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
FC135000 - \SystemRoot\System32\Drivers\Fips.SYS
FC125000 - \SystemRoot\System32\DRIVERS\avipbb.sys
FC859000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
FC105000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F7737000 - \SystemRoot\System32\Drivers\dump_atapi.sys
FCA85000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
F7FF2000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
FCC6E000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B8000 - \SystemRoot\System32\i81xdnt5.dll
F75B7000 - \SystemRoot\System32\drivers\afd.sys
F74D9000 - \SystemRoot\System32\Drivers\aswMon2.SYS
F727E000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
FCA75000 - \SystemRoot\System32\Drivers\ParVdm.SYS
FC839000 - \??\C:\WINDOWS\System32\drivers\btserial.sys
F735D000 - \SystemRoot\System32\DRIVERS\secdrv.sys
F709F000 - \SystemRoot\System32\DRIVERS\srv.sys
F6F4B000 - \SystemRoot\system32\drivers\wdmaud.sys
F706F000 - \SystemRoot\system32\drivers\sysaudio.sys
FC8A9000 - \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
F6FFB000 - \SystemRoot\System32\Drivers\aswRdr.SYS
FC929000 - \SystemRoot\System32\Drivers\ZDPSp50.sys
FC38C000 - \??\C:\WINDOWS\System32\PCANDIS5.SYS
FCC4A000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
F669A000 - \SystemRoot\system32\drivers\kmixer.sys
Total number of drivers = 128
Liste des programmes installes
ABBYY FineReader 5.0 Sprint
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Ahead InCD
Ahead NeroMediaPlayer
Ahead NeroVision Express
AOL France
Audacity 1.2.6
Avira AntiVir PersonalEdition Classic
Barre d'outils MSN
CDex extraction audio
Correctif Windows XP - Article Base de Connaissances 834707
Correctif Windows XP - KB823559
Correctif Windows XP - KB828741
Correctif Windows XP - KB835732
Correctif Windows XP - KB842773
EA.com Update
ESD U10039_00 V2
Gestionnaire Internet
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 3
Le Maître de l'Olympe - Zeus.
Lecteur Windows Media 10
Lexmark X1100 Series
livebox
McAfee Personal Firewall Plus
MediaBar
MFCDLL Shared Library - Retail Version
Micrografx Picture Publisher 7
Microsoft (R) C Runtime Library
Microsoft (R) C++ Runtime Library
Microsoft .NET Framework (French) v1.0.3705
Microsoft .NET Framework (French) v1.0.3705
Microsoft Office 2000 Premium
Mozilla Firefox (2.0.0.9)
MSXML 3.0
MSXML4 Parser
Nero - Burning Rom
Package du correctif Windows XP [voir Q329115 pour plus de détails]
Programme de gestion Camera de Logitech®
Réussir ses CV et Lettres de Motivation
Sagem Wi-Fi 11g USB adapter (driver)
Sagem Wi-Fi 11g USB adapter (utility)
TextBridge Classic
TRUST MI-4500X WIRELESS OPTICAL MOUSE
Viewpoint Media Player (Remove Only)
WarBreeds
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix (SP1) [See Q321178 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
WinRAR archiver
Yahoo! Toolbar
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 04F0-DE04
Répertoire de C:\Program Files
08/11/2007 20:20 <REP> .
08/11/2007 20:20 <REP> ..
03/12/2006 18:19 <REP> ABBYY FineReader 5.0 Sprint
03/12/2006 18:18 <REP> ABBYY FineReader 6.0
07/09/2004 20:37 <REP> Ahead
05/11/2007 23:24 <REP> Alwil Software
31/03/2007 22:01 <REP> asc
07/11/2007 18:53 <REP> Avira
01/11/2007 21:54 <REP> Bayo
07/09/2004 12:26 <REP> ComPlus Applications
05/11/2007 23:16 <REP> Diablo II
05/11/2007 23:57 <REP> DivX
11/09/2004 09:45 <REP> EACOM
26/10/2007 15:42 <REP> Fichiers communs
01/01/2007 14:44 <REP> Freeciv-2.0.8-gtk2
08/11/2007 19:50 <REP> Google
25/03/2007 15:59 <REP> Ihsv
07/09/2004 12:26 <REP> Internet Explorer
24/10/2007 18:06 <REP> Java
27/09/2006 10:23 <REP> LHSP
07/09/2004 19:19 <REP> McAfee.com
06/10/2006 12:17 <REP> Micro Application
05/02/2005 11:31 <REP> Micrografx
09/09/2004 14:45 <REP> microsoft frontpage
13/08/2007 10:34 <REP> Microsoft Games
09/09/2004 14:46 <REP> Microsoft Office
09/09/2004 14:49 <REP> Microsoft Visual Studio
07/09/2004 12:36 <REP> MouseWare
07/09/2004 12:27 <REP> Movie Maker
08/11/2007 19:59 <REP> Mozilla Firefox
07/09/2004 12:24 <REP> MSN
15/06/2005 14:01 <REP> MSN Apps
07/09/2004 12:24 <REP> MSN Gaming Zone
07/11/2007 14:51 <REP> MSN Messenger
08/01/2007 19:55 <REP> NetMeeting
28/07/2007 14:09 <REP> Network Associates
07/09/2004 12:26 <REP> Outlook Express
02/01/2007 17:44 <REP> RndLabs
29/12/2006 21:45 <REP> SAGEM
29/12/2006 21:45 <REP> SAGEM WiFi manager
29/12/2006 21:41 <REP> Securitoo
07/09/2004 12:25 <REP> Services en ligne
12/01/2007 21:24 <REP> SuperMarioPac
05/02/2005 11:38 <REP> TextBridge Classic
29/12/2006 17:35 <REP> Trust
07/09/2004 19:25 <REP> Viewpoint
08/11/2007 20:24 <REP> Wanadoo
13/02/2007 11:17 <REP> WIDCOMM
06/11/2007 17:37 <REP> Windows Media Player
07/09/2004 12:24 <REP> Windows NT
23/02/2007 14:32 <REP> WinRAR
07/09/2004 12:30 <REP> xerox
04/12/2004 10:59 <REP> Yahoo!
0 fichier(s) 0 octets
53 Rép(s) 8 943 198 208 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 04F0-DE04
Répertoire de C:\Program Files\fichiers communs
26/10/2007 15:42 <REP> .
26/10/2007 15:42 <REP> ..
07/09/2007 22:11 <REP> Adobe
09/08/2007 15:51 <REP> Adobe Systems Shared
07/09/2004 20:37 <REP> Ahead
07/09/2004 19:25 <REP> aolshare
26/10/2007 15:42 <REP> BOONTY Shared
09/09/2004 14:49 <REP> Designer
30/12/2006 11:24 <REP> InstallShield
30/12/2006 10:49 <REP> Java
02/01/2007 12:13 <REP> Logitech
12/09/2007 12:27 <REP> Microsoft Shared
07/09/2004 12:26 <REP> MSSoap
07/09/2004 19:14 <REP> Network Associates
30/05/2005 08:28 <REP> NSV
30/05/2005 08:25 <REP> Nullsoft
07/09/2004 12:19 <REP> ODBC
27/01/2007 17:01 <REP> Real
07/09/2004 12:26 <REP> Services
07/09/2004 12:19 <REP> SpeechEngines
09/09/2004 14:48 <REP> System
0 fichier(s) 0 octets
21 Rép(s) 8 943 194 112 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 04F0-DE04
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
07/09/2004 12:35 <REP> .
07/09/2004 12:35 <REP> ..
18/05/2001 16:57 561 209 MSONSEXT.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
18/03/1999 05:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 8 943 194 112 octets libres
c:\Documents and Settings\Fabien\Local Settings\Temp\d2l_Install.exe
c:\Documents and Settings\Jean-François\Bureau\Jean-françois\esd12version98NTXP2000\_ISDEL.EXE
c:\Documents and Settings\Jean-François\Bureau\Jean-françois\esd12version98NTXP2000\SETUP.EXE
c:\Documents and Settings\Muriel\Bureau\msnmsgr.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\catchme.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\diff.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\dumphive.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\find2.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\Fport.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\grep.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\gzip.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\LFiles.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\md5sums.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\pslist.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\streams.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\swreg.exe
c:\Documents and Settings\Muriel\Bureau\yoann\DiagHelp\tar.exe
c:\Documents and Settings\Muriel\Bureau\yoann\install messenger v.6\Install_Messenger.exe
c:\Documents and Settings\Muriel\Bureau\yoann\reparateur de fichier infecter par des rootkits\SafeBootKeyRepair.exe
c:\Documents and Settings\Muriel\Local Settings\Temp\swreg.exe
c:\Documents and Settings\Muriel\Local Settings\Temp\swxcacls.exe
c:\Documents and Settings\Yoann\Bureau\muriel\Divers\Install_Messenger.exe
c:\Documents and Settings\Yoann\Bureau\muriel\Divers\Ad-Aware SE Personal\Ad-Aware.exe
c:\Documents and Settings\Yoann\Bureau\muriel\Divers\Ad-Aware SE Personal\unregaaw.exe
c:\Documents and Settings\Yoann\Bureau\muriel\Divers\Ad-Aware SE Personal\UNWISE.EXE
c:\Documents and Settings\Yoann\Bureau\muriel\Divers\Ad-Aware SE Personal\Lang\pllangs.exe
c:\Documents and Settings\Yoann\Bureau\muriel\Divers\Ad-Aware SE Personal\Lang\Plugins\Langs\UNWISE.EXE
c:\Documents and Settings\Yoann\Bureau\muriel\dossier muriel\audacity\audacity-win-1.2.6.exe
c:\Documents and Settings\Yoann\Bureau\muriel\dossier muriel\audacity\Audacity\audacity.exe
c:\Documents and Settings\Yoann\Bureau\muriel\dossier muriel\audacity\Audacity\unins000.exe
c:\Documents and Settings\Yoann\Bureau\muriel\dossier muriel\cdex\cdex_170b2_enu_nonunicode.exe
c:\Documents and Settings\Yoann\Bureau\muriel\dossier muriel\cdex\CDex_170b2\CDex.exe
c:\Documents and Settings\Yoann\Bureau\muriel\dossier muriel\cdex\CDex_170b2\uninstall.exe
c:\Documents and Settings\Yoann\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\updater.exe
c:\Documents and Settings\Yoann\Local Settings\Application Data\Shareaza\Incomplete\ARSENAL Taste The Power.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\12116.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\6839.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\AutoRun.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\d2l_Install.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\d2l_PlayD2.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\eauninstall.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\EBU33.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\First15.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\i4j23113.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\i4j27128.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\i4j29541.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\i4j61133.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\irsetup.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\msgr0.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\msnsearch.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\SFUninst.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\The Sims 2_uninst.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\VP6Install.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\Répertoire temporaire 1 pour marioforever.zip\MarioForever.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\SLF1CD7.tmp\Fairy_Godmother_Tycoon_Telecharger{259420}.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\SLF5D8F.tmp\Commandos_3_Telecharger(fr_509){32042}.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\SLF5E9D.tmp\Fairy_Godmother_Tycoon_Telecharger{259420}.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.exe
c:\Documents and Settings\Yoann\Local Settings\Temp\~vis0000\rebootnt.exe
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_YOANN.tar.gz a l'adresse http://upload.malekal.com
---------------------------------------
PS: Je tient a remercier tout particulierement Falkra (meme si je l'ai deja fait ^^) qui ma enormement aider et conseiller afin d'avoir toute les cartes en main contre " l'idossie humaine" créant des virus plus c** les uns que les autres ...
je c'est meme pas comment tu fait pour te reperer la dedans 