There, I think this is right:
DiagHelp version v1.4 - http://www.malekal.com
excute le 16/02/2008 à 1:23:47,92
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->16/02/2008 01:23:29
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->16/02/2008 01:22:30
C:\WINDOWS\prefetch\WLANCFG.EXE-0AC835F2.pf -->16/02/2008 01:15:17
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->16/02/2008 01:14:59
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf -->16/02/2008 01:14:52
C:\WINDOWS\prefetch\RUNDLL32.EXE-4A5A9D78.pf -->16/02/2008 01:14:51
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->16/02/2008 00:36:34
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->16/02/2008 00:33:50
C:\WINDOWS\prefetch\BTTRAY.EXE-16EEC97F.pf -->16/02/2008 00:33:44
C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf -->16/02/2008 00:33:41
C:\WINDOWS\System32\drivers\kcom.sys -->10/12/2007 14:53:30
C:\WINDOWS\System32\drivers\iksyssec.sys -->10/12/2007 14:53:28
C:\WINDOWS\System32\drivers\iksysflt.sys -->10/12/2007 14:53:28
C:\WINDOWS\System32\drivers\ikfilesec.sys -->10/12/2007 14:53:28
C:\WINDOWS\System32\drivers\AWRTRD.sys -->07/08/2007 12:58:08
C:\WINDOWS\System32\drivers\NSDriver.sys -->07/08/2007 12:56:58
C:\WINDOWS\System32\drivers\AWRTPD.sys -->11/07/2007 13:37:26
C:\WINDOWS\System32\winfrun32.bin -->16/02/2008 00:08:15
C:\WINDOWS\System32\msole32.exe -->15/02/2008 01:31:54
C:\WINDOWS\System32\ace16win.dll -->15/02/2008 01:31:53
C:\WINDOWS\System32\tmp.txt -->15/02/2008 01:30:27
C:\WINDOWS\System32\tmp.reg -->15/02/2008 01:30:27
C:\WINDOWS\System32\23739fd7caa3bb354ef382f9312f6f78.TMP -->15/02/2008 00:13:11
C:\WINDOWS\System32\afea5f0cb381b53fcc5eeabd4a7e22e0.TMP -->15/02/2008 00:12:18
C:\WINDOWS\System32\23f2df1f0d638cb9b0b2427c22a94919.TMP -->15/02/2008 00:12:18
C:\WINDOWS\System32\MSCOMCTL.OCX -->14/02/2008 21:45:54
C:\WINDOWS\System32\edecddc.dll -->14/02/2008 20:51:01
C:\WINDOWS\System32\ESHOPEE.exe -->13/02/2008 21:04:45
C:\WINDOWS\System32\wml.exe -->13/02/2008 21:04:31
C:\WINDOWS\System32\vxddsk.exe -->13/02/2008 21:04:31
C:\WINDOWS\System32\vhngekay.exe -->13/02/2008 20:49:23
C:\WINDOWS\System32\rxjddnvj.exe.exe -->13/02/2008 20:49:15
C:\WINDOWS\System32\rxjddnvj.exe -->13/02/2008 20:49:15
C:\WINDOWS\System32\cznxauwj.exe -->13/02/2008 20:49:15
C:\WINDOWS\System32\wpa.dbl -->10/02/2008 20:47:33
C:\WINDOWS\System32\VACFix.exe -->08/02/2008 23:55:49
C:\WINDOWS\System32\IEDFix.exe -->08/02/2008 10:37:47
C:\WINDOWS\System32\lsdelete.exe -->14/12/2007 11:32:52
C:\WINDOWS\System32\PerfStringBackup.INI -->31/10/2007 20:07:51
C:\WINDOWS\System32\perfh00C.dat -->31/10/2007 20:07:51
C:\WINDOWS\System32\perfh009.dat -->31/10/2007 20:07:51
C:\WINDOWS\System32\perfc00C.dat -->31/10/2007 20:07:51
C:\WINDOWS\default.htm -->16/02/2008 01:23:34
C:\WINDOWS\6-wlancfg.log -->16/02/2008 01:15:35
C:\WINDOWS\0.log -->16/02/2008 01:14:43
C:\WINDOWS\win.ini -->16/02/2008 01:14:25
C:\WINDOWS\system.ini -->16/02/2008 01:14:25
C:\WINDOWS\wiadebug.log -->16/02/2008 01:13:21
C:\WINDOWS\wiaservc.log -->16/02/2008 01:12:50
C:\WINDOWS\bootstat.dat -->16/02/2008 01:11:27
C:\WINDOWS\SchedLgU.Txt -->16/02/2008 01:10:25
C:\WINDOWS\5-wlancfg.log -->16/02/2008 00:10:44
C:\WINDOWS\setupact.log -->15/02/2008 01:31:08
C:\WINDOWS\setuperr.log -->15/02/2008 01:07:44
C:\WINDOWS\setupapi.log -->15/02/2008 00:51:54
C:\WINDOWS\Sti_Trace.log -->15/02/2008 00:46:27
C:\WINDOWS\aconti.log -->15/02/2008 00:18:35
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1996
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xf8000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x71950000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x01300000 0x2c6000 3.01.4000.2435 C:\WINDOWS\System32\msi.dll
0x5ce30000 0x69000 6.00.2600.0000 C:\WINDOWS\System32\shimgvw.dll
0x71e40000 0x1a3000 5.01.3092.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\gdiplus.dll
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\mlang.dll
0x74780000 0x2ad000 6.00.2600.0000 C:\WINDOWS\System32\mshtml.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.DLL
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
0x74630000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\MSLS31.DLL
0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x66900000 0x1b000 1.00.0000.0125 C:\Program Files\McAfee\Common Framework\JrMac.dll
0x636e0000 0x28000 5.05.0000.0050 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 5.05.0000.0001 C:\Program Files\Spyware Doctor\klg.dat
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x14490000 0x14000 13.03.0001.0100 C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
0x75be0000 0x91000 5.06.0000.6626 C:\WINDOWS\System32\JScript.dll
0x73250000 0x75000 5.06.0000.6626 C:\WINDOWS\System32\VBScript.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\System32\ODBC32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
0x15c20000 0xc000 8.05.0000.0781 C:\Program Files\McAfee\VirusScan Enterprise\shext.dll
0x03b30000 0x11000 3.00.0001.0912 C:\WINDOWS\System32\btncopy.dll
0x72380000 0x19000 6.00.2600.0000 C:\WINDOWS\System32\mydocs.dll
0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 756
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x008f0000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76b70000 0x1f000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x10000000 0x21000 C:\WINDOWS\System32\edecddc.dll
0x76010000 0x61000 6.00.8972.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\system32\CLBCATQ.DLL
0x636e0000 0x28000 5.05.0000.0050 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 5.05.0000.0001 C:\Program Files\Spyware Doctor\klg.dat
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8C5E-6C94
Répertoire de C:\WINDOWS\system
17/02/2004 09:51 1 458 176 SmWizard.exe
1 fichier(s) 1 458 176 octets
0 Rép(s) 46 653 108 224 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8C5E-6C94
Répertoire de C:\WINDOWS\system32
28/08/2001 13:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 46 653 108 224 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8C5E-6C94
Répertoire de C:\WINDOWS\Downloaded Program Files
15/02/2008 01:47 <REP> .
15/02/2008 01:47 <REP> ..
21/08/2007 14:25 395 ascstubie.inf
23/08/2007 18:21 65 desktop.ini
11/04/2007 14:55 1 292 erma.inf
3 fichier(s) 1 752 octets
Total des fichiers listés :
3 fichier(s) 1 752 octets
2 Rép(s) 46 653 108 224 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 01:26:15
Windows 5.1.2600 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
260 - pctsAuxs.exe
348 - pctsSvc.exe
696 - avgas.exe
708 - UdaterUI.exe
732 - csrss.exe
756 - winlogon.exe
800 - services.exe
812 - lsass.exe
988 - svchost.exe
1012 - svchost.exe
1116 - svchost.exe
1136 - svchost.exe
1236 - GoogleToolbarNo
1292 - BTTray.exe
1320 - pctsTray.exe
1340 - aawservice.exe
1548 - guard.exe
1560 - btwdins.exe
1600 - FrameworkServic
1620 - Mcshield.exe
1680 - VsTskMgr.exe
1836 - nvsvc32.exe
1960 - rxjddnvj.exe
1996 - explorer.exe
2508 - WLANCFG.EXE
3120 - cmd.exe
3792 - wuauclt.exe
4056 - IEXPLORE.EXE
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B5000 - \WINDOWS\system32\hal.dll
F8A36000 - \WINDOWS\system32\KDCOM.DLL
F8946000 - \WINDOWS\system32\BOOTVID.dll
F84E9000 - ACPI.sys
F8A38000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F8536000 - pci.sys
F8546000 - isapnp.sys
F8AFE000 - pciide.sys
F87B6000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F8556000 - MountMgr.sys
F84CA000 - ftdisk.sys
F8A3A000 - dmload.sys
F84A6000 - dmio.sys
F87BE000 - PartMgr.sys
F8566000 - VolSnap.sys
F8490000 - atapi.sys
F8576000 - disk.sys
F8586000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F847E000 - sr.sys
F846A000 - KSecDD.sys
F83E7000 - Ntfs.sys
F83BF000 - NDIS.sys
F83A5000 - Mup.sys
F8279000 - btkrnl.sys
F86A6000 - \SystemRoot\System32\DRIVERS\processr.sys
F80CB000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
F86B6000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F86C6000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F86D6000 - \SystemRoot\System32\DRIVERS\redbook.sys
F80AB000 - \SystemRoot\System32\DRIVERS\ks.sys
F86E6000 - \SystemRoot\System32\Drivers\Imapi.SYS
F7F4C000 - \SystemRoot\system32\drivers\cmuda.sys
F7F2B000 - \SystemRoot\system32\drivers\portcls.sys
F86F6000 - \SystemRoot\system32\drivers\drmk.sys
F89DE000 - \SystemRoot\System32\DRIVERS\usbohci.sys
F7F0C000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F881E000 - \SystemRoot\System32\DRIVERS\sisnic.sys
F8826000 - \SystemRoot\System32\DRIVERS\fdc.sys
F8706000 - \SystemRoot\System32\DRIVERS\serial.sys
F89E2000 - \SystemRoot\System32\DRIVERS\serenum.sys
F7EF9000 - \SystemRoot\System32\DRIVERS\parport.sys
F89E6000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F882E000 - \SystemRoot\system32\drivers\btaudio.sys
F8B9D000 - \SystemRoot\System32\DRIVERS\audstub.sys
F8716000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F89EA000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F7EE3000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F8726000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F8736000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F89EE000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F7ED2000 - \SystemRoot\System32\DRIVERS\psched.sys
F8746000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F883E000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F8846000 - \SystemRoot\System32\DRIVERS\raspti.sys
F7E40000 - \SystemRoot\System32\DRIVERS\btwdndis.sys
F884E000 - \SystemRoot\System32\DRIVERS\btport.sys
F7E13000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F8756000 - \SystemRoot\System32\DRIVERS\termdd.sys
F8856000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F885E000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F8BAB000 - \SystemRoot\System32\DRIVERS\swenum.sys
F7DF1000 - \SystemRoot\System32\DRIVERS\update.sys
F8776000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8786000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F8A5C000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F887E000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F8886000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
F8255000 - \SystemRoot\System32\DRIVERS\hidusb.sys
F8796000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
F888E000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
F6BE6000 - \SystemRoot\System32\Drivers\ov519vid.sys
F87A6000 - \SystemRoot\System32\Drivers\STREAM.SYS
F8896000 - \SystemRoot\System32\Drivers\ov519cmd.sys
F85B6000 - \SystemRoot\system32\drivers\usbaudio.sys
F6B8A000 - \SystemRoot\System32\DRIVERS\PRISMA02.sys
F8251000 - \SystemRoot\System32\DRIVERS\kbdhid.sys
F824D000 - \SystemRoot\System32\DRIVERS\mouhid.sys
F8A62000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8B38000 - \SystemRoot\System32\Drivers\Null.SYS
F8A64000 - \SystemRoot\System32\Drivers\Beep.SYS
F8B39000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F88EE000 - \SystemRoot\System32\drivers\vga.sys
F8A66000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8A68000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F88F6000 - \SystemRoot\System32\Drivers\Msfs.SYS
F88FE000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8245000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F8646000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F630D000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F8656000 - \SystemRoot\system32\drivers\mfetdik.sys
F62E8000 - \SystemRoot\System32\DRIVERS\netbt.sys
F8666000 - \SystemRoot\System32\DRIVERS\netbios.sys
F62C0000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F6234000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F8906000 - \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
F8676000 - \SystemRoot\System32\Drivers\Fips.SYS
F8686000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F8B57000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F5939000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F5923000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8AAE000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
F6C2B000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F8C12000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B8000 - \SystemRoot\System32\nv4_disp.dll
F47B8000 - \SystemRoot\System32\drivers\afd.sys
F4848000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
F3D85000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F8AC8000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F88DE000 - \??\C:\WINDOWS\System32\drivers\btserial.sys
F3D2B000 - \??\C:\WINDOWS\System32\drivers\btslbcsp.sys
F3C8A000 - \SystemRoot\System32\DRIVERS\srv.sys
F3A96000 - \SystemRoot\system32\drivers\wdmaud.sys
F3B32000 - \SystemRoot\system32\drivers\sysaudio.sys
F377B000 - \SystemRoot\system32\drivers\mfehidk.sys
F620C000 - \SystemRoot\system32\drivers\mfebopk.sys
F3E00000 - \SystemRoot\system32\drivers\mfeapfk.sys
F39DA000 - \SystemRoot\system32\drivers\mfeavfk.sys
F36FB000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F8C1E000 - \??\C:\WINDOWS\System32\Drivers\mchInjDrv.sys
F299C000 - \??\C:\WINDOWS\System32\PCANDIS5.SYS
F27FD000 - \SystemRoot\system32\drivers\kmixer.sys
F8BE9000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 125
Liste des programmes installes
Ad-Aware 2007
Adobe Flash Player ActiveX
AVG Anti-Spyware 7.5
C-Media WDM Audio Driver
CCleaner (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Java(TM) 6 Update 2
LimeWire 4.14.8
McAfee VirusScan Enterprise
Microsoft Word 2000 SR-1
Multimedia Combo Set Driver
NVIDIA Display Driver
Panda TotalScan
Spyware Doctor 5.5
VGA USB Camera
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8C5E-6C94
Répertoire de C:\Program Files
16/02/2008 00:05 <REP> .
16/02/2008 00:05 <REP> ..
16/02/2008 00:03 <REP> 3721
16/02/2008 00:05 <REP> Accoona
13/02/2008 21:04 <REP> akl
13/02/2008 21:04 <REP> amsys
15/02/2008 00:02 <REP> CCleaner
23/08/2007 18:19 <REP> ComPlus Applications
06/11/2007 14:37 <REP> Electronic Arts
13/02/2008 21:04 <REP> e-zshopper
14/02/2008 21:30 <REP> Fichiers communs
05/02/2008 20:36 <REP> Google
15/02/2008 00:27 <REP> Grisoft
23/08/2007 18:21 <REP> Internet Explorer
23/08/2007 19:55 <REP> Inventel
23/08/2007 22:54 <REP> Java
14/02/2008 21:30 <REP> Lavasoft
24/08/2007 13:04 <REP> LimeWire
23/08/2007 21:59 <REP> McAfee
23/08/2007 18:31 <REP> Messenger
23/08/2007 18:22 <REP> microsoft frontpage
23/08/2007 19:40 <REP> Microsoft Office
23/08/2007 18:20 <REP> Movie Maker
23/08/2007 18:18 <REP> MSN
23/08/2007 18:18 <REP> MSN Gaming Zone
23/08/2007 22:38 <REP> MSN Messenger
29/08/2007 08:53 <REP> Multimedia Combo Set
23/08/2007 18:19 <REP> NetMeeting
23/08/2007 18:19 <REP> Outlook Express
13/02/2008 21:04 <REP> p2pnetworks
13/02/2008 22:03 <REP> Panda Security
23/08/2007 18:20 <REP> Services en ligne
15/02/2008 23:03 <REP> SpyAway
15/02/2008 01:15 <REP> Spybot - Search & Destroy
15/02/2008 23:34 <REP> Spyware Doctor
06/09/2007 16:55 <REP> WIDCOMM
06/10/2007 14:32 <REP> Windows Media Player
23/08/2007 18:18 <REP> Windows NT
23/08/2007 18:22 <REP> xerox
12/02/2008 19:26 <REP> YesMessenger
0 fichier(s) 0 octets
40 Rép(s) 46 654 013 440 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8C5E-6C94
Répertoire de C:\Program Files\fichiers communs
14/02/2008 21:30 <REP> .
14/02/2008 21:30 <REP> ..
23/08/2007 21:59 <REP> Cisco Systems
23/08/2007 19:41 <REP> Designer
23/08/2007 19:56 278 528 FDEUnInstaller.exe
15/02/2008 00:27 <REP> InstallShield
23/08/2007 22:52 <REP> Java
23/08/2007 21:58 <REP> McAfee
23/08/2007 22:38 <REP> Microsoft Shared
23/08/2007 18:19 <REP> MSSoap
24/08/2007 01:00 <REP> ODBC
06/10/2007 14:34 <REP> Roxio Shared
23/08/2007 18:19 <REP> Services
24/08/2007 01:00 <REP> SpeechEngines
23/08/2007 18:19 <REP> System
14/02/2008 21:30 <REP> Wise Installation Wizard
1 fichier(s) 278 528 octets
15 Rép(s) 46 654 013 440 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8C5E-6C94
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
23/08/2007 18:31 <REP> .
23/08/2007 18:31 <REP> ..
18/05/2001 16:57 561 209 MSONSEXT.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
17/03/1999 22:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 46 654 013 440 octets libres
c:\Documents and Settings\Administrateur\Bureau\ccsetup204.exe
c:\Documents and Settings\Administrateur\Bureau\Zeb-Restore\ZR_1.0.0.37\Zeb-Restore.exe
c:\Documents and Settings\tef\AutoRun.exe
c:\Documents and Settings\tef\EASetup.exe
c:\Documents and Settings\tef\nfsdemo.exe
c:\Documents and Settings\tef\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\tef\Bureau\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\tef\Bureau\avgas-setup-7.5.1.43.exe
c:\Documents and Settings\tef\Bureau\ccsetup204.exe
c:\Documents and Settings\tef\Bureau\dss.exe
c:\Documents and Settings\tef\Bureau\EClea2_0.exe
c:\Documents and Settings\tef\Bureau\Lavasoft_Adaware2007_fr.exe
c:\Documents and Settings\tef\Bureau\scan.exe.exe
c:\Documents and Settings\tef\Bureau\sdsetup.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\tef\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\tef\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\tef\DirectX\DXSETUP.exe
c:\Documents and Settings\tef\Local Settings\Temp\~fephfbq.tmp\md5deep.exe
c:\Documents and Settings\tef\Local Settings\Temp\~fephfbq.tmp\sed.exe
c:\Documents and Settings\tef\Local Settings\Temp\~fephfbq.tmp\swreg.exe
c:\Documents and Settings\tef\Local Settings\Temp\~geasijg.tmp\md5deep.exe
c:\Documents and Settings\tef\Local Settings\Temp\~geasijg.tmp\sed.exe
c:\Documents and Settings\tef\Local Settings\Temp\~geasijg.tmp\swreg.exe
c:\Documents and Settings\tef\Local Settings\Temp\~kiifvrf.tmp\md5deep.exe
c:\Documents and Settings\tef\Local Settings\Temp\~kiifvrf.tmp\sed.exe
c:\Documents and Settings\tef\Local Settings\Temp\~kiifvrf.tmp\swreg.exe
c:\Documents and Settings\tef\Local Settings\Temp\~sknepbl.tmp\md5deep.exe
c:\Documents and Settings\tef\Local Settings\Temp\~sknepbl.tmp\sed.exe
c:\Documents and Settings\tef\Local Settings\Temp\~sknepbl.tmp\swreg.exe
c:\Documents and Settings\tef\Local Settings\Temporary Internet Files\Content.IE5\23EB2LUB\HiJackThis[1].exe
c:\Documents and Settings\tef\Local Settings\Temporary Internet Files\Content.IE5\41M34HIF\HiJackThis[1].exe
c:\Documents and Settings\tef\Local Settings\Temporary Internet Files\Content.IE5\E0TXNFRJ\HiJackThis[1].exe
c:\Documents and Settings\tef\Local Settings\Temporary Internet Files\Content.IE5\Z41TRD0L\bitdefender_internetsecurity_2008_tlr1762[1].exe
c:\Documents and Settings\tef\Support\Need for Speed ProStreet_code.exe
c:\Documents and Settings\tef\Support\Need for Speed ProStreet_uninst.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\tef\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
****** Fin du rapport DiagHelp