Thanks for the quick reply. Here is the result of the scan.
DiagHelp version v1.4 - http://www.malekal.com
excute le 10.12.2007 à 22:48:17.21
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->10.12.2007 22:48:03
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->10.12.2007 22:47:51
C:\WINDOWS\prefetch\ACRORD32INFO.EXE-24548733.pf -->10.12.2007 22:47:05
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->10.12.2007 22:46:53
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->10.12.2007 22:45:47
C:\WINDOWS\prefetch\IKERNEL.EXE-078AA887.pf -->10.12.2007 22:45:37
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf -->10.12.2007 22:45:33
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->10.12.2007 22:45:32
C:\WINDOWS\prefetch\SET3B.TMP-11D7C9CB.pf -->10.12.2007 22:44:52
C:\WINDOWS\prefetch\RUNDLL32.EXE-15D64103.pf -->10.12.2007 22:44:52
C:\WINDOWS\System32\drivers\aswmon.sys -->06.09.2007 11:05:25
C:\WINDOWS\System32\drivers\aswmon2.sys -->06.09.2007 11:05:10
C:\WINDOWS\System32\drivers\aswRdr.sys -->06.09.2007 11:03:02
C:\WINDOWS\System32\drivers\aswTdi.sys -->06.09.2007 11:02:20
C:\WINDOWS\System32\drivers\aavmker4.sys -->06.09.2007 11:00:53
C:\WINDOWS\System32\drivers\IBM_2374_7JG.MRK -->08.06.2007 22:37:13
C:\WINDOWS\System32\drivers\IBM_2374_7JG_TP.MRK -->08.06.2007 22:06:46
C:\WINDOWS\System32\118290.54 -->10.12.2007 22:01:24
C:\WINDOWS\System32\wpa.dbl -->10.12.2007 21:03:23
C:\WINDOWS\System32\rmoc3260.dll -->24.11.2007 11:30:12
C:\WINDOWS\System32\pndx5032.dll -->24.11.2007 11:29:59
C:\WINDOWS\System32\pndx5016.dll -->24.11.2007 11:29:59
C:\WINDOWS\System32\pncrt.dll -->24.11.2007 11:29:57
C:\WINDOWS\System32\MRT.exe -->02.11.2007 08:12:57
C:\WINDOWS\System32\xpsp3res.dll -->29.10.2007 11:26:53
C:\WINDOWS\System32\PerfStringBackup.INI -->28.10.2007 22:22:55
C:\WINDOWS\System32\perfh009.dat -->28.10.2007 22:22:55
C:\WINDOWS\System32\perfc009.dat -->28.10.2007 22:22:55
C:\WINDOWS\System32\shell32.dll -->26.10.2007 04:36:51
C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->23.10.2007 18:34:15
C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT -->22.10.2007 12:50:36
C:\WINDOWS\System32\client.sid -->04.10.2007 22:34:31
C:\WINDOWS\System32\javaws.exe -->24.09.2007 22:31:42
C:\WINDOWS\System32\javacpl.cpl -->24.09.2007 22:31:42
C:\WINDOWS\System32\javaw.exe -->24.09.2007 21:30:30
C:\WINDOWS\System32\java.exe -->24.09.2007 21:30:28
C:\WINDOWS\System32\CONFIG.NT -->14.09.2007 18:19:27
C:\WINDOWS\System32\aswBoot.exe -->06.09.2007 11:09:49
C:\WINDOWS\System32\AvastSS.scr -->06.09.2007 11:00:07
C:\WINDOWS\System32\TZLog.log -->30.08.2007 10:12:37
C:\WINDOWS\System32\wininet.dll -->22.08.2007 14:12:18
C:\WINDOWS\System32\urlmon.dll -->22.08.2007 14:12:18
C:\WINDOWS\WindowsUpdate.log -->10.12.2007 22:20:23
C:\WINDOWS\118294.78 -->10.12.2007 22:01:24
C:\WINDOWS\IBMVPD.INI -->10.12.2007 21:03:19
C:\WINDOWS\0.log -->10.12.2007 21:02:42
C:\WINDOWS\bootstat.dat -->10.12.2007 21:02:38
C:\WINDOWS\SchedLgU.Txt -->08.12.2007 14:06:50
C:\WINDOWS\setupapi.log -->27.11.2007 09:26:05
C:\WINDOWS\wmsetup.log -->24.11.2007 11:23:32
C:\WINDOWS\setupact.log -->22.11.2007 21:09:10
C:\WINDOWS\tsoc.log -->17.11.2007 01:09:00
C:\WINDOWS\tabletoc.log -->17.11.2007 01:09:00
C:\WINDOWS\ocmsn.log -->17.11.2007 01:09:00
C:\WINDOWS\ocgen.log -->17.11.2007 01:09:00
C:\WINDOWS\ntdtcsetup.log -->17.11.2007 01:09:00
C:\WINDOWS\netfxocm.log -->17.11.2007 01:09:00
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 2020
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x13420000 0x1a000 11.00.5721.5145 C:\Program Files\Windows Media Player\wmpband.dll
0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x18000 1.00.0000.0001 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
0x73dd0000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x63000000 0x14000 7.05.0017.0006 C:\WINDOWS\system32\SynTPFcs.dll
0x020e0000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x02540000 0x1b000 1.04.0007.0000 C:\WINDOWS\system32\dla\tfswshx.dll
0x02560000 0xf000 1.04.0007.0000 C:\WINDOWS\system32\tfswapi.dll
0x02570000 0x3b000 1.04.0007.0000 C:\WINDOWS\system32\dla\tfswcres.dll
0x029b0000 0x4c000 8.00.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll
0x03130000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
0x02c80000 0x7000 1.00.0000.0001 C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x03640000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 772
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x17000 6.14.0010.4083 C:\WINDOWS\system32\Ati2evxx.dll
0x013a0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
Volume in drive C is IBM_PRELOAD
Volume Serial Number is 9093-7F19
Directory of C:\WINDOWS\system
10.09.1999 12:06 4'672 wowpost.exe
1 File(s) 4'672 bytes
0 Dir(s) 22'781'665'280 bytes free
Volume in drive C is IBM_PRELOAD
Volume Serial Number is 9093-7F19
Directory of C:\WINDOWS\system32
04.08.2004 08:56 6'144 csrss.exe
1 File(s) 6'144 bytes
0 Dir(s) 22'781'665'280 bytes free
Contenu de Downloaded Program Files
Volume in drive C is IBM_PRELOAD
Volume Serial Number is 9093-7F19
Directory of C:\WINDOWS\Downloaded Program Files
28.11.2007 15:25 <DIR> .
28.11.2007 15:25 <DIR> ..
20.02.2003 17:11 65 desktop.ini
29.06.2006 16:11 11'712 egathdrv.sys
29.06.2006 16:11 5'759 egathvxd.vxd
16.05.2007 07:22 399 gp.inf
29.06.2006 16:22 180'224 IbmEgath.dll
29.06.2006 16:13 445 IbmEgath.inf
13.04.2007 14:27 367 LegitCheckControl.inf
01.02.2005 18:51 1'162 NeoterisSetup.INF
28.11.2007 15:25 48'421 NeoterisSetup.log
01.02.2005 18:52 57'344 NeoterisSetup.ocx
01.02.2005 18:51 61'440 NeoterisSetupDll.dll
01.02.2005 18:51 28'672 setupResource_de.dll
01.02.2005 18:51 28'672 setupResource_en.dll
01.02.2005 18:51 28'672 setupResource_fr.dll
01.02.2005 18:51 24'576 setupResource_ja.dll
01.02.2005 18:51 24'576 setupResource_zh.dll
01.02.2005 18:51 24'576 setupResource_zh_cn.dll
03.02.2006 09:47 286'720 VersionManager.dll
03.02.2006 15:37 339 VersionManager.inf
26.05.2005 03:19 291 wuweb.inf
20 File(s) 814'432 bytes
Total Files Listed:
20 File(s) 814'432 bytes
2 Dir(s) 22'781'661'184 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Support.com\\Bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\Bin\\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\realplay.exe"="C:\\Program Files\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 22:49:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
416 - ashMaiSv.exe
444 - skypePM.exe
448 - Ubsshell.exe
720 - TPONSCR.exe
744 - csrss.exe
772 - winlogon.exe
816 - services.exe
828 - lsass.exe
1004 - ibmpmsvc.exe
1032 - Skype.exe
1060 - TpShocks.exe
1068 - ati2evxx.exe
1076 - QCWLICON.EXE
1084 - svchost.exe
1144 - svchost.exe
1236 - cmd.exe
1280 - SynTPLpr.exe
1284 - svchost.exe
1348 - SynTPEnh.exe
1360 - rundll32.exe
1436 - TPHKMGR.exe
1484 - EzEjMnAp.Exe
1492 - AGRSMMSG.exe
1512 - PCRecSA.exe
1540 - ibmmessages.exe
1588 - tfswctrl.exe
1636 - svchost.exe
1644 - QCTRAY.EXE
1768 - ashDisp.exe
1836 - realsched.exe
1860 - notepad.exe
1932 - ashServ.exe
1956 - ati2evxx.exe
1972 - TpScrex.exe
1996 - ctfmon.exe
2020 - explorer.exe
2132 - HiJackThis.exe
2336 - ashWebSv.exe
2796 - snmp.exe
3232 - Xpclient.exe
3316 - alg.exe
3420 - javaw.exe
3600 - firefox.exe
3628 - taskmgr.exe
3732 - thunderbird.exe
Total number of processes = 46
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7C60000 - \WINDOWS\system32\KDCOM.DLL
F7B70000 - \WINDOWS\system32\BOOTVID.dll
F7711000 - ACPI.sys
F7C62000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F7700000 - pci.sys
F7760000 - isapnp.sys
F7B74000 - compbatt.sys
F7B78000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
F7D28000 - pciide.sys
F79E0000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F76E2000 - pcmcia.sys
F7770000 - MountMgr.sys
F76C3000 - ftdisk.sys
F7B7C000 - ACPIEC.sys
F7D29000 - \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
F79E8000 - PartMgr.sys
F7780000 - Shockprf.sys
F7790000 - VolSnap.sys
F76AB000 - atapi.sys
F77A0000 - disk.sys
F77B0000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F768B000 - fltmgr.sys
F7679000 - sr.sys
F77C0000 - PxHelp20.sys
F7664000 - drvmcdb.sys
F764D000 - KSecDD.sys
F75C0000 - Ntfs.sys
F7593000 - NDIS.sys
F7578000 - Mup.sys
F77D0000 - agp440.sys
F7980000 - \SystemRoot\System32\DRIVERS\intelppm.sys
F6DF0000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F6DDC000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7A68000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F6DB9000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7A70000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F6D9F000 - \SystemRoot\System32\DRIVERS\e1000325.sys
F6D87000 - \SystemRoot\System32\DRIVERS\PCX504.sys
F7990000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7A78000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F6D45000 - \SystemRoot\System32\DRIVERS\SynTP.sys
F7C7E000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F7A80000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7A88000 - \SystemRoot\System32\DRIVERS\fdc.sys
F79A0000 - \SystemRoot\System32\DRIVERS\serial.sys
F7C28000 - \SystemRoot\System32\DRIVERS\serenum.sys
F6D31000 - \SystemRoot\System32\DRIVERS\parport.sys
F7A90000 - \SystemRoot\System32\DRIVERS\nscirda.sys
F7C2C000 - \SystemRoot\System32\DRIVERS\irenum.sys
F7C34000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
F7A98000 - \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
F79B0000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7C80000 - \SystemRoot\system32\drivers\sscdbhk5.sys
F79C0000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F79D0000 - \SystemRoot\System32\DRIVERS\redbook.sys
F6D0E000 - \SystemRoot\System32\DRIVERS\ks.sys
F6C80000 - \SystemRoot\system32\drivers\smwdm.sys
F6C5C000 - \SystemRoot\system32\drivers\portcls.sys
F7800000 - \SystemRoot\system32\drivers\drmk.sys
F6C44000 - \SystemRoot\system32\drivers\aeaudio.sys
F6B1F000 - \SystemRoot\System32\DRIVERS\AGRSM.sys
F7AA0000 - \SystemRoot\System32\Drivers\Modem.SYS
F7D6B000 - \SystemRoot\System32\DRIVERS\audstub.sys
F7AA8000 - \SystemRoot\System32\DRIVERS\rasirda.sys
F7AB0000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F7810000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7C4C000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F6AE0000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F7820000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F7830000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F6ACF000 - \SystemRoot\System32\DRIVERS\psched.sys
F7840000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7AC0000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7AC8000 - \SystemRoot\System32\DRIVERS\raspti.sys
F6A9E000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F7850000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7C82000 - \SystemRoot\System32\DRIVERS\swenum.sys
F6A45000 - \SystemRoot\System32\DRIVERS\update.sys
F753F000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F6F0C000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F6EDC000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7C86000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
F7C18000 - \SystemRoot\System32\DRIVERS\hidusb.sys
F6EAC000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
F7AE8000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
F7C88000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7D93000 - \SystemRoot\System32\Drivers\Null.SYS
F7C8A000 - \SystemRoot\System32\Drivers\Beep.SYS
F7AF8000 - \SystemRoot\system32\drivers\ssrtln.sys
F7B00000 - \SystemRoot\System32\drivers\vga.sys
F7C8C000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7C8E000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7B08000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7B10000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7C1C000 - \SystemRoot\System32\DRIVERS\rasacd.sys
AAF45000 - \SystemRoot\System32\DRIVERS\ipsec.sys
AAEED000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F6E9C000 - \SystemRoot\System32\Drivers\aswTdi.SYS
AAE25000 - \SystemRoot\System32\DRIVERS\netbt.sys
AAE03000 - \SystemRoot\System32\drivers\afd.sys
F6E8C000 - \SystemRoot\System32\DRIVERS\netbios.sys
F7B18000 - \SystemRoot\System32\drivers\TSMAPIP.SYS
F7B20000 - \SystemRoot\System32\drivers\Tppwr.sys
F7C20000 - \SystemRoot\System32\Drivers\TPHKDRV.SYS
F7B28000 - \SystemRoot\System32\drivers\TDSMAPI.SYS
F7B30000 - \SystemRoot\System32\drivers\Smapint.sys
AADB8000 - \SystemRoot\System32\DRIVERS\rdbss.sys
AAD49000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F7E10000 - \SystemRoot\System32\drivers\IBMBLDID.SYS
F7870000 - \SystemRoot\System32\Drivers\Fips.SYS
AAD08000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F7880000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F6B13000 - \SystemRoot\System32\drivers\ANC.SYS
F7B38000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F6B0F000 - \SystemRoot\System32\DRIVERS\mouhid.sys
AACBD000 - \SystemRoot\System32\Drivers\Fastfat.SYS
AACA5000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7CA2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7527000 - \SystemRoot\System32\drivers\Dxapi.sys
F7B68000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7E91000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA34000 - \SystemRoot\System32\ati3d1ag.dll
AAE5D000 - \SystemRoot\system32\drivers\drvnddm.sys
F7DE2000 - \SystemRoot\system32\dla\tfsndres.sys
AAB50000 - \SystemRoot\system32\dla\tfsnifs.sys
AAC85000 - \SystemRoot\system32\dla\tfsnopio.sys
F7CD4000 - \SystemRoot\system32\dla\tfsnpool.sys
F7AB8000 - \SystemRoot\system32\dla\tfsnboio.sys
F78C0000 - \SystemRoot\system32\dla\tfsncofs.sys
F7E20000 - \SystemRoot\system32\dla\tfsndrct.sys
AAB10000 - \SystemRoot\system32\dla\tfsnudf.sys
AAAF7000 - \SystemRoot\system32\dla\tfsnudfa.sys
AA9F1000 - \SystemRoot\System32\DRIVERS\irda.sys
AAB38000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
AA89B000 - \SystemRoot\System32\Drivers\aswMon2.SYS
AA6DB000 - \SystemRoot\System32\Drivers\Cdfs.SYS
AA58E000 - \SystemRoot\system32\drivers\wdmaud.sys
F78D0000 - \SystemRoot\system32\drivers\sysaudio.sys
AA123000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7CF8000 - \SystemRoot\System32\Drivers\ParVdm.SYS
AA164000 - \SystemRoot\System32\drivers\aspi32.sys
F7CFA000 - \??\C:\WINDOWS\system32\EGATHDRV.SYS
F7D00000 - \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
AA031000 - \SystemRoot\System32\DRIVERS\srv.sys
F7E84000 - \SystemRoot\System32\Drivers\ShockMgr.SYS
A9F54000 - \SystemRoot\system32\drivers\srntflt.sys
A9A8B000 - \SystemRoot\System32\Drivers\HTTP.sys
A9BC4000 - \SystemRoot\System32\Drivers\aswRdr.SYS
A98C0000 - \SystemRoot\system32\drivers\kmixer.sys
F7E04000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 155
Liste des programmes installes
Access IBM
Access IBM Cleanup Utility
Access IBM Message Center
Access IBM Tools
Adobe Reader 8.1.1 - Français
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
avast! Antivirus
Cache Cleaner
GeTax2005
GeTax2006
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
IBM 32-bit SDK for Java 2, v1.4.1
IBM 32-bit SDK for Java 2, v1.4.1
IBM Access Connections
IBM DLA
IBM Hard Drive Active Protection System
IBM RecordNow!
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM TrackPoint Accessibility Features
IBM Update Connector
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Lecteur Windows Media 11
MaxTV
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.11)
Mozilla Thunderbird (2.0.0.9)
PC-Doctor for Windows
PDFCreator
Picasa 2
RealPlayer
RedEye (remove only)
RegCure 1.5.0.0
Reuters Desktop - Version 2.01
Reuters Trader
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Skype™ 3.2
Sonic Update Manager
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
UBSPay
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Volume in drive C is IBM_PRELOAD
Volume Serial Number is 9093-7F19
Directory of C:\Program Files
10.12.2007 22:45 <DIR> .
10.12.2007 22:45 <DIR> ..
17.06.2007 18:42 <DIR> Adobe
09.06.2007 12:43 <DIR> Alwil Software
08.06.2007 22:06 <DIR> ATI Technologies
24.11.2007 11:30 1'001 autoplaylist.dat
24.11.2007 11:30 <DIR> browserrecord
24.11.2007 11:30 1'026 browserrecord.swf
24.11.2007 11:30 <DIR> CDBurning
24.11.2007 11:30 2'851 cdroms.cfg
24.11.2007 11:30 <DIR> Common Files
20.02.2003 17:09 <DIR> ComPlus Applications
24.11.2007 11:30 <DIR> DataCache
24.11.2007 11:30 719'360 dbghelp.dll
24.11.2007 11:30 <DIR> Devices
04.10.2007 22:33 <DIR> DMV
24.11.2007 11:30 692'224 dtdr3260.dll
24.11.2007 11:30 139'264 DUNZIP32.dll
24.11.2007 11:30 6'656 fixrjb.exe
24.11.2007 11:30 1'209 flvplay.swf
24.11.2007 11:30 568 fpsectbl
24.11.2007 11:29 23'558 freeoffers.ico
24.11.2007 11:30 177 freeoffers.rnx
24.11.2007 11:30 11'444 frw.bmp
17.06.2007 17:51 <DIR> GeTax2005
10.06.2007 16:14 <DIR> GeTax2006
23.08.2007 21:34 <DIR> Google
24.11.2007 11:30 57'762 howto.chm
24.11.2007 11:30 102'400 HXAudioDeviceHook.dll
08.06.2007 22:13 <DIR> IBM
08.06.2007 22:15 <DIR> IBM DLA
08.06.2007 22:15 <DIR> IBM RecordNow!
24.11.2007 11:30 36'352 ierjplug.dll
10.10.2007 14:23 <DIR> Internet Explorer
08.06.2007 22:14 <DIR> InterVideo
23.10.2007 18:34 <DIR> Java
24.11.2007 11:30 480 keys.dat
24.11.2007 11:30 <DIR> lang
24.11.2007 11:51 <DIR> library
08.06.2007 22:06 <DIR> ltmoh
09.06.2007 18:11 <DIR> Messenger
09.06.2007 17:10 <DIR> Microsoft ActiveSync
20.02.2003 17:14 <DIR> microsoft frontpage
09.06.2007 17:10 <DIR> Microsoft Office
24.11.2007 11:30 41'472 mmcdda32.dll
09.06.2007 11:49 <DIR> Movie Maker
10.12.2007 21:16 <DIR> Mozilla Firefox
10.12.2007 21:52 <DIR> Mozilla Thunderbird
20.02.2003 17:09 <DIR> MSN Gaming Zone
27.11.2007 09:26 <DIR> Neoteris
09.06.2007 11:45 <DIR> NetMeeting
24.11.2007 11:30 <DIR> Netscape6
24.11.2007 11:30 669'950 normal.vs
20.02.2003 17:09 <DIR> Online Services
16.06.2007 10:37 <DIR> Outlook Express
08.06.2007 22:19 <DIR> PC-Doctor for Windows
17.06.2007 17:57 <DIR> PDFCreator
29.10.2007 21:55 <DIR> Picasa2
24.11.2007 11:30 60'064 playrlic.html
24.11.2007 11:30 58'280 playrlic.txt
24.11.2007 11:30 <DIR> plugins
24.11.2007 11:30 53'098 presets.rnx
24.11.2007 11:30 <DIR> producer
24.11.2007 11:30 95'816 rdsf3260.dll
24.11.2007 11:29 7'168 realjbox.exe
24.11.2007 11:30 60'064 RealNetworks License.html
24.11.2007 11:30 58'280 RealNetworks License.txt
24.11.2007 11:30 40'154 realplay.chm
24.11.2007 11:29 214'560 realplay.exe
24.11.2007 11:29 682 realplay.exe.manifest
24.11.2007 11:30 16'296 realtfon.fon
24.11.2007 11:30 153'176 RecordingManager.exe
24.11.2007 11:30 685 RecordingManager.exe.manifest
10.06.2007 14:36 <DIR> RedEye
07.08.2007 11:34 <DIR> RegCure
03.10.2007 22:19 <DIR> RegistryFix
15.08.2007 17:17 <DIR> Reuters
24.11.2007 11:30 655'360 rjbres.dll
24.11.2007 11:30 339'968 rjdlg.dll
24.11.2007 11:30 19'456 rjprog.dll
24.11.2007 11:30 65'536 rjwmapln.dll
24.11.2007 11:30 53'248 rpau3260.dll
24.11.2007 11:30 370'296 rpbrowserrecordplugin.dll
24.11.2007 11:30 94'208 rpbrowserrecordupdate.dll
24.11.2007 11:29 9'216 rphelperapp.exe
24.11.2007 11:30 <DIR> rpplugins
24.11.2007 11:30 86'016 rpplugprot.dll
24.11.2007 11:30 63'040 rpshell.dll
24.11.2007 11:30 98'304 rpshellextension.dll
24.11.2007 11:30 43'088 rpshellsearch.dll
24.11.2007 11:30 32'768 rpwa3260.dll
08.06.2007 22:11 <DIR> SBApps
24.11.2007 11:30 <DIR> Setup
10.06.2007 19:38 <DIR> Skype
08.06.2007 22:15 <DIR> Sonic
24.11.2007 11:30 61'495 ssimages.vs
24.11.2007 11:30 71 strs23.dat
24.11.2007 11:30 15 strs26.dat
24.11.2007 11:29 221 subscription.rnx
06.08.2007 12:30 <DIR> Support.com
08.06.2007 21:30 <DIR> Synaptics
24.11.2007 11:30 <DIR> templates
08.06.2007 22:03 <DIR> ThinkPad
24.11.2007 11:30 19'456 tnetdtct.dll
24.11.2007 11:30 57'344 tpasdk.dll
24.11.2007 11:30 81'920 tsasdk.dll
18.08.2007 11:26 <DIR> UBS e-banking
24.11.2007 11:29 17'846 videotest.rm
24.11.2007 11:30 119'808 waiting.avi
10.06.2007 16:37 <DIR> Windows Media Connect 2
10.06.2007 16:39 <DIR> Windows Media Player
09.06.2007 11:44 <DIR> Windows NT
24.11.2007 11:30 14'336 wmdmhelper.dll
20.02.2003 17:14 <DIR> xerox
05.08.2007 17:36 <DIR> Xpoint
54 File(s) 5'629'093 bytes
61 Dir(s) 22'767'407'104 bytes free
Volume in drive C is IBM_PRELOAD
Volume Serial Number is 9093-7F19
Directory of C:\Program Files\common files
24.11.2007 11:30 <DIR> .
24.11.2007 11:30 <DIR> ..
17.06.2007 18:43 <DIR> Adobe
09.06.2007 17:10 <DIR> Designer
10.12.2007 22:45 <DIR> InstallShield
06.08.2007 15:44 <DIR> Java
09.06.2007 17:10 <DIR> Microsoft Shared
20.02.2003 17:10 <DIR> MSSoap
20.02.2003 17:03 <DIR> ODBC
24.11.2007 11:30 <DIR> Real
15.08.2007 17:18 <DIR> Reuters Shared
20.02.2003 17:10 <DIR> Services
10.06.2007 19:38 <DIR> Skype
08.06.2007 22:15 <DIR> Sonic
20.02.2003 17:03 <DIR> SpeechEngines
08.06.2007 22:15 <DIR> SureThing Shared
16.06.2007 10:37 <DIR> System
24.11.2007 11:30 <DIR> xing shared
0 File(s) 0 bytes
18 Dir(s) 22'767'403'008 bytes free
c:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\user\Desktop\HiJackThis.exe
c:\Documents and Settings\user\Desktop\systemupdate301-2007-6-14.exe
c:\Documents and Settings\user\Local Settings\Temp\mun19.exe
c:\Documents and Settings\user\Local Settings\Temp\PicasaCD.exe
c:\Documents and Settings\user\Local Settings\Temp\SkypeSetup.exe
c:\Documents and Settings\user\Local Settings\Temp\Adobe Reader 8\Setup.exe
c:\Documents and Settings\user\Local Settings\Temp\Adobe Reader 8_\Setup.exe
c:\Documents and Settings\user\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ShFolder.Exe
c:\Documents and Settings\user\Local Settings\Temp\_ISTMP2.DIR\_ISTMP0.DIR\ShFolder.Exe
c:\Documents and Settings\user\Local Settings\Temp\_ISTMP3.DIR\_ISTMP0.DIR\ShFolder.Exe
c:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\QFS5UJQ9\picasa2-setup-3732[1].exe
c:\Documents and Settings\user\My Documents\DiagHelp\catchme.exe
c:\Documents and Settings\user\My Documents\DiagHelp\diff.exe
c:\Documents and Settings\user\My Documents\DiagHelp\dumphive.exe
c:\Documents and Settings\user\My Documents\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\user\My Documents\DiagHelp\find2.exe
c:\Documents and Settings\user\My Documents\DiagHelp\Fport.exe
c:\Documents and Settings\user\My Documents\DiagHelp\grep.exe
c:\Documents and Settings\user\My Documents\DiagHelp\gzip.exe
c:\Documents and Settings\user\My Documents\DiagHelp\KProcCheck.exe
c:\Documents and Settings\user\My Documents\DiagHelp\LFiles.exe
c:\Documents and Settings\user\My Documents\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\user\My Documents\DiagHelp\md5sums.exe
c:\Documents and Settings\user\My Documents\DiagHelp\pslist.exe
c:\Documents and Settings\user\My Documents\DiagHelp\sigcheck.exe
c:\Documents and Settings\user\My Documents\DiagHelp\streams.exe
c:\Documents and Settings\user\My Documents\DiagHelp\swreg.exe
c:\Documents and Settings\user\My Documents\DiagHelp\tar.exe
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_IBM-BED883E44DB.tar.gz a l'adresse http://upload.malekal.com