Hello,
Here is the DiagHelp report:
DiagHelp version v1.4 - http://www.malekal.com
excute le mer. 01.01.1997 à 3:31:20.87
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINNT\System32\drivers\SYMEVENT.SYS -->18.10.2007 20:19:00
C:\WINNT\System32\drivers\wstcodec.sys -->17.02.2003 10:14:36
C:\WINNT\System32\drivers\nabtsfec.sys -->17.02.2003 10:14:34
C:\WINNT\System32\drivers\slip.sys -->17.02.2003 10:14:34
C:\WINNT\System32\drivers\ndisip.sys -->17.02.2003 10:14:34
C:\WINNT\System32\drivers\streamip.sys -->17.02.2003 10:14:34
C:\WINNT\System32\drivers\msdv.sys -->17.02.2003 10:14:32
C:\WINNT\System32\FNTCACHE.DAT -->28.10.2007 12:40:40
C:\WINNT\System32\S32EVNT1.DLL -->18.10.2007 20:19:00
C:\WINNT\System32\SYMEVNT.386 -->18.10.2007 20:19:00
C:\WINNT\System32\wmpscheme.xml -->14.10.2007 21:40:28
C:\WINNT\System32\reg.exe -->15.09.2007 01:24:56
C:\WINNT\System32\d3d8caps.dat -->08.05.2006 21:21:40
C:\WINNT\System32\sporder.dll -->08.05.2006 20:13:02
C:\WINNT\System32\PerfStringBackup.INI -->09.04.2006 18:37:46
C:\WINNT\System32\perfh009.dat -->09.04.2006 18:37:46
C:\WINNT\System32\perfc009.dat -->09.04.2006 18:37:46
C:\WINNT\System32\PCRVersion.ini -->02.03.2006 20:17:54
C:\WINNT\System32\qtplugin.log -->22.01.2006 12:06:06
C:\WINNT\System32\CNCU150.DLL -->04.08.2005 05:12:02
C:\WINNT\System32\SOUNDENGINEX.OCX -->26.06.2005 08:59:06
C:\WINNT\System32\CNCL150.DLL -->30.05.2005 11:45:44
C:\WINNT\System32\103.ico -->18.05.2005 08:08:38
C:\WINNT\System32\102.ico -->18.05.2005 08:08:38
C:\WINNT\System32\101.ico -->18.05.2005 08:08:38
C:\WINNT\System32\100.ico -->18.05.2005 08:08:38
C:\WINNT\System32\CNMVS7K.DLL -->06.05.2005 21:00:00
C:\WINNT\System32\CNMLM7K.DLL -->06.05.2005 21:00:00
C:\WINNT\System32\FM20.DLL -->17.03.2005 14:39:58
C:\WINNT\System32\wmvadvd.dll -->04.03.2005 12:11:04
C:\WINNT\System32\vbalColumnTreeView6.ocx -->12.02.2005 15:43:40
C:\WINNT\System32\python23.dll -->08.02.2005 16:23:10
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
Explorer.EXE pid: 888
Command line: C:\WINNT\Explorer.EXE
Base Size Version Path
0x00400000 0x3e000 5.00.3502.5321 C:\WINNT\Explorer.EXE
0x77f80000 0x7a000 5.00.2195.6685 C:\WINNT\system32\ntdll.dll
0x77db0000 0x5d000 5.00.2195.5385 C:\WINNT\system32\ADVAPI32.DLL
0x7c570000 0xb3000 5.00.2195.6794 C:\WINNT\system32\KERNEL32.DLL
0x77d30000 0x6e000 5.00.2195.6802 C:\WINNT\system32\RPCRT4.DLL
0x77f40000 0x39000 5.00.2195.6762 C:\WINNT\system32\GDI32.DLL
0x77e10000 0x5f000 5.00.2195.6799 C:\WINNT\system32\USER32.dll
0x70bd0000 0x64000 6.00.2600.0000 C:\WINNT\system32\SHLWAPI.DLL
0x78000000 0x46000 6.01.9359.0000 C:\WINNT\system32\msvcrt.dll
0x71780000 0x8a000 5.81.4704.1100 C:\WINNT\system32\COMCTL32.DLL
0x732e0000 0x25000 5.00.2195.5308 C:\WINNT\system32\shim.dll
0x23000000 0x56000 5.00.2195.5308 C:\WINNT\AppPatch\AcLayers.DLL
0x782f0000 0x246000 5.00.3502.5436 C:\WINNT\system32\SHELL32.dll
0x77a50000 0xec000 5.00.2195.6810 C:\WINNT\system32\OLE32.DLL
0x775a0000 0x85000 2000.02.3497.0000 C:\WINNT\system32\CLBCATQ.DLL
0x779b0000 0x9b000 2.40.4518.0000 C:\WINNT\system32\OLEAUT32.dll
0x77840000 0x3d000 5.00.2195.4104 C:\WINNT\system32\cscui.dll
0x770c0000 0x23000 5.00.2195.5434 C:\WINNT\system32\CSCDLL.DLL
0x10000000 0x81000 8.00.0008.0032 C:\Program Files\NewDotNet\nncore.dll
0x70200000 0x94000 6.00.2600.0000 C:\WINNT\system32\WININET.dll
0x77440000 0x77000 5.131.2195.4558 C:\WINNT\system32\CRYPT32.dll
0x77430000 0x10000 5.00.2195.4067 C:\WINNT\system32\MSASN1.DLL
0x75030000 0x13000 5.00.2195.4874 C:\WINNT\system32\WS2_32.dll
0x75020000 0x8000 5.00.2134.0001 C:\WINNT\system32\WS2HELP.DLL
0x76620000 0x10000 5.00.2195.3649 C:\WINNT\system32\MPR.dll
0x76930000 0x2b000 5.131.2195.3775 C:\WINNT\system32\WINTRUST.dll
0x77920000 0x23000 5.00.2195.5242 C:\WINNT\system32\IMAGEHLP.dll
0x77880000 0x8d000 5.00.2195.5400 C:\WINNT\system32\SETUPAPI.dll
0x7c0f0000 0x61000 5.00.2195.6794 C:\WINNT\system32\USERENV.DLL
0x702b0000 0x78000 6.00.2600.0000 C:\WINNT\system32\urlmon.dll
0x77820000 0x7000 5.00.2134.0001 C:\WINNT\system32\VERSION.dll
0x759b0000 0x6000 5.00.2134.0001 C:\WINNT\system32\LZ32.DLL
0x770f0000 0x1fd000 2.00.2600.0002 C:\WINNT\system32\MSI.DLL
0x71000000 0x148000 6.00.2600.0000 C:\WINNT\system32\SHDOCVW.DLL
0x71160000 0xfd000 6.00.2600.0000 C:\WINNT\System32\browseui.dll
0x70440000 0x8f000 6.00.2600.0000 C:\WINNT\system32\mlang.dll
0x70c50000 0x2a3000 6.00.2600.0000 C:\WINNT\System32\mshtml.dll
0x774e0000 0x32000 5.00.2195.5438 C:\WINNT\system32\RASAPI32.DLL
0x774c0000 0x11000 5.00.2195.5292 C:\WINNT\system32\RASMAN.DLL
0x77530000 0x22000 5.00.2182.0001 C:\WINNT\system32\TAPI32.DLL
0x77830000 0xe000 5.00.2168.0001 C:\WINNT\system32\RTUTILS.DLL
0x75ab0000 0x5000 5.00.2163.0001 C:\WINNT\system32\sensapi.dll
0x75170000 0x4f000 5.00.2195.5427 C:\WINNT\system32\netapi32.dll
0x77be0000 0xf000 5.00.2195.4587 C:\WINNT\system32\SECUR32.DLL
0x751c0000 0x6000 5.00.2134.0001 C:\WINNT\system32\NETRAP.DLL
0x75150000 0x10000 5.00.2195.4827 C:\WINNT\system32\SAMLIB.DLL
0x77950000 0x2a000 5.00.2195.5400 C:\WINNT\system32\WLDAP32.DLL
0x77980000 0x24000 5.00.2195.5354 C:\WINNT\system32\DNSAPI.DLL
0x75050000 0x8000 5.00.2195.4874 C:\WINNT\system32\WSOCK32.DLL
0x7ca00000 0x22000 5.00.2195.3839 C:\WINNT\system32\rsabase.dll
0x76df0000 0x11000 5.00.3315.4065 C:\WINNT\system32\mydocs.dll
0x76fa0000 0xf000 5.00.2134.0001 C:\WINNT\system32\ntshrui.dll
0x773e0000 0x15000 3.00.9435.0000 C:\WINNT\system32\ATL.DLL
0x71930000 0x88000 6.00.2600.0000 C:\WINNT\System32\shdoclc.dll
0x75ac0000 0x28000 3.10.0337.0000 C:\WINNT\system32\MSLS31.DLL
0x75e60000 0x1a000 5.00.2195.4314 C:\WINNT\system32\IMM32.DLL
0x75160000 0xc000 5.00.2195.5428 C:\WINNT\System32\ntlanman.dll
0x75210000 0x15000 5.00.2195.4874 C:\WINNT\System32\NETUI0.DLL
0x751d0000 0x38000 5.00.2134.0001 C:\WINNT\System32\NETUI1.DLL
0x76f20000 0x75000 5.00.2195.5431 C:\WINNT\system32\NETSHELL.dll
0x70340000 0x41000 6.00.2600.0000 C:\WINNT\System32\webcheck.dll
0x766d0000 0x18000 5.00.2195.4455 C:\WINNT\system32\stobject.dll
0x76740000 0x8000 5.00.3502.5305 C:\WINNT\system32\BATMETER.DLL
0x766f0000 0x7000 5.00.3502.5305 C:\WINNT\system32\POWRPROF.DLL
0x77570000 0x30000 5.00.2161.0001 C:\WINNT\system32\WINMM.DLL
0x681a0000 0x7000 5.00.2134.0001 C:\WINNT\system32\serwvdrv.dll
0x66740000 0x7000 5.00.2134.0001 C:\WINNT\system32\umdmxfrm.dll
0x77560000 0x9000 5.00.2195.3649 C:\WINNT\system32\wdmaud.drv
0x77400000 0x8000 5.00.2134.0001 C:\WINNT\system32\msacm32.drv
0x77410000 0x13000 5.00.2134.0001 C:\WINNT\system32\MSACM32.dll
0x76290000 0x3b000 2000.02.3497.0000 C:\WINNT\System32\es.dll
0x6de80000 0x63000 2000.02.3497.0000 C:\WINNT\System32\TXFAUX.DLL
0x01d20000 0x29000 12.00.0000.0001 C:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
0x6e420000 0x6000 5.00.2920.0000 C:\WINNT\system32\INDICDLL.dll
0x679e0000 0x10000 5.00.0000.0001 D:\Program Files\MacOpener\MacName.dll
0x76710000 0x9000 5.00.2134.0001 C:\WINNT\system32\LINKINFO.DLL
0x71f00000 0x4d000 5.00.2178.0001 C:\WINNT\System32\docprop2.dll
0x6a8f0000 0x20000 5.00.2134.0001 C:\WINNT\System32\MSVFW32.DLL
0x74870000 0x16000 5.00.2134.0001 C:\WINNT\System32\AVIFIL32.DLL
0x02850000 0x174000 1.01.0001.0001 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
0x029d0000 0x103000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
0x5d360000 0xe000 7.10.3077.0000 C:\WINNT\system32\MFC71ENU.DLL
0x70020000 0x5000 5.00.2134.0001 C:\WINNT\system32\faxshell.dll
0x719d0000 0x12000 6.00.2600.0000 C:\WINNT\System32\browselc.dll
0x03170000 0xb000 6.00.0000.0878 D:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x325c0000 0x12000 11.00.5510.0000 D:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x658f0000 0x114000 5.00.2920.0000 C:\WINNT\System32\webvw.dll
0x70510000 0xa000 6.00.2600.0000 C:\WINNT\system32\imgutil.dll
0x703d0000 0x1b000 6.00.2600.0000 C:\WINNT\System32\actxprxy.dll
0x66650000 0x54000 1.325.2195.4506 C:\WINNT\system32\USP10.DLL
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 184
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x2f000 \??\C:\WINNT\system32\winlogon.exe
0x77f80000 0x7a000 5.00.2195.6685 C:\WINNT\system32\ntdll.dll
0x78000000 0x46000 6.01.9359.0000 C:\WINNT\system32\MSVCRT.dll
0x7c570000 0xb3000 5.00.2195.6794 C:\WINNT\system32\KERNEL32.dll
0x77db0000 0x5d000 5.00.2195.5385 C:\WINNT\system32\ADVAPI32.dll
0x77d30000 0x6e000 5.00.2195.6802 C:\WINNT\system32\RPCRT4.DLL
0x77f40000 0x39000 5.00.2195.6762 C:\WINNT\system32\GDI32.dll
0x77e10000 0x5f000 5.00.2195.6799 C:\WINNT\system32\USER32.dll
0x7c0f0000 0x61000 5.00.2195.6794 C:\WINNT\system32\USERENV.dll
0x769a0000 0x7000 5.00.2195.4509 C:\WINNT\system32\NDdeApi.dll
0x76980000 0x1b000 5.00.2195.3649 C:\WINNT\system32\sfc.dll
0x68010000 0xf1000 5.00.2195.5426 C:\WINNT\system32\sfcfiles.dll
0x77be0000 0xf000 5.00.2195.4587 C:\WINNT\system32\Secur32.dll
0x690f0000 0xb000 5.00.2181.0001 C:\WINNT\system32\PROFMAP.dll
0x75170000 0x4f000 5.00.2195.5427 C:\WINNT\system32\NETAPI32.dll
0x751c0000 0x6000 5.00.2134.0001 C:\WINNT\system32\NETRAP.DLL
0x75150000 0x10000 5.00.2195.4827 C:\WINNT\system32\SAMLIB.DLL
0x75030000 0x13000 5.00.2195.4874 C:\WINNT\system32\WS2_32.DLL
0x75020000 0x8000 5.00.2134.0001 C:\WINNT\system32\WS2HELP.DLL
0x77950000 0x2a000 5.00.2195.5400 C:\WINNT\system32\WLDAP32.DLL
0x77980000 0x24000 5.00.2195.5354 C:\WINNT\system32\DNSAPI.DLL
0x75050000 0x8000 5.00.2195.4874 C:\WINNT\system32\WSOCK32.DLL
0x76b90000 0x54000 5.00.2195.6789 C:\WINNT\system32\msgina.dll
0x782f0000 0x246000 5.00.3502.5436 C:\WINNT\system32\SHELL32.dll
0x70bd0000 0x64000 6.00.2600.0000 C:\WINNT\system32\SHLWAPI.DLL
0x71780000 0x8a000 5.81.4704.1100 C:\WINNT\system32\COMCTL32.DLL
0x65780000 0xc000 5.00.2195.4655 C:\WINNT\system32\WINSTA.dll
0x77570000 0x30000 5.00.2161.0001 C:\WINNT\system32\WINMM.dll
0x681a0000 0x7000 5.00.2134.0001 C:\WINNT\system32\serwvdrv.dll
0x66740000 0x7000 5.00.2134.0001 C:\WINNT\system32\umdmxfrm.dll
0x77880000 0x8d000 5.00.2195.5400 C:\WINNT\system32\setupapi.dll
0x77560000 0x9000 5.00.2195.3649 C:\WINNT\system32\wdmaud.drv
0x76930000 0x2b000 5.131.2195.3775 C:\WINNT\system32\wintrust.dll
0x77440000 0x77000 5.131.2195.4558 C:\WINNT\system32\CRYPT32.dll
0x77430000 0x10000 5.00.2195.4067 C:\WINNT\system32\MSASN1.DLL
0x77920000 0x23000 5.00.2195.5242 C:\WINNT\system32\IMAGEHLP.dll
0x77a50000 0xec000 5.00.2195.6810 C:\WINNT\system32\ole32.dll
0x76a00000 0x5000 5.131.2134.0001 C:\WINNT\system32\mscat32.dll
0x7ca00000 0x23000 5.00.2195.3839 C:\WINNT\system32\rsaenh.dll
0x77820000 0x7000 5.00.2134.0001 C:\WINNT\system32\VERSION.dll
0x759b0000 0x6000 5.00.2134.0001 C:\WINNT\system32\LZ32.DLL
0x770c0000 0x23000 5.00.2195.5434 C:\WINNT\system32\cscdll.dll
0x76920000 0xf000 5.00.2195.5377 C:\WINNT\system32\WlNotify.dll
0x76960000 0x17000 5.00.2134.0001 C:\WINNT\system32\WINSCARD.DLL
0x77800000 0x1e000 5.00.2195.5225 C:\WINNT\system32\WINSPOOL.DRV
0x76620000 0x10000 5.00.2195.3649 C:\WINNT\system32\MPR.DLL
0x77840000 0x3d000 5.00.2195.4104 C:\WINNT\system32\cscui.dll
0x51690000 0xc000 C:\WINNT\system32\NavLogon.dll
0x779b0000 0x9b000 2.40.4518.0000 C:\WINNT\system32\OLEAUT32.DLL
0x775a0000 0x85000 2000.02.3497.0000 C:\WINNT\system32\CLBCATQ.DLL
0x77400000 0x8000 5.00.2134.0001 C:\WINNT\system32\msacm32.drv
0x77410000 0x13000 5.00.2134.0001 C:\WINNT\system32\MSACM32.dll
0x782d0000 0x1e000 5.00.2195.4745 C:\WINNT\system32\msv1_0.dll
Volume in drive C has no label.
Volume Serial Number is 2F33-1EE6
Directory of C:\WINNT\system
23.12.1997 02:23 4'672 wowpost.exe
1 File(s) 4'672 bytes
0 Dir(s) 594'075'648 bytes free
Volume in drive C has no label.
Volume Serial Number is 2F33-1EE6
Directory of C:\WINNT\system32
22.07.2002 12:05 5'392 CSRSS.EXE
1 File(s) 5'392 bytes
0 Dir(s) 594'075'648 bytes free
Contenu de Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is 2F33-1EE6
Directory of C:\WINNT\Downloaded Program Files
14.12.2001 22:44 <DIR> .
14.12.2001 22:44 <DIR> ..
18.11.2003 20:08 65 desktop.ini
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
20.01.2000 15:25 1'162 Microsoft XML Parser for Java.osd
02.03.2001 13:43 2'132 wmv8ax.inf
08.12.2003 13:58 3'759 swflash.inf
01.05.2000 19:06 1'988 wmvax.inf
30.06.2003 22:41 1'689 WMV9VCM.inf
23.03.2007 12:17 1'292 erma.inf
04.03.2005 12:11 2'371 wmvadvd.inf
9 File(s) 15'155 bytes
Total Files Listed:
9 File(s) 15'155 bytes
2 Dir(s) 594'075'648 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 1997-01-01 03:32:38
Windows 5.0.2195 Service Pack 3 FAT NTAPI
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitInListHead and KiWaitOutListHead
8 - System
132 - smss.exe
164 - csrss.exe
184 - winlogon.exe
212 - services.exe
224 - lsass.exe
404 - svchost.exe
428 - spoolsv.exe
456 - DefWatch.exe
476 - svchost.exe
500 - FormatM.exe
536 - nnrun.exe
608 - Rtvscan.exe
624 - nnrun.exe
656 - regsvc.exe
668 - MSTask.exe
696 - slserv.exe
724 - stisvc.exe
784 - WinMgmt.exe
812 - mspmspsv.exe
836 - svchost.exe
872 - qttask.exe
888 - Explorer.EXE
928 - NOTEPAD.EXE
976 - sprtcmd.exe
1040 - RealPlay.exe
1048 - HiJackThis.exe
1208 - OpwareSE2.exe
1248 - vptray.exe
1256 - internat.exe
1280 - MacName.exe
1324 - acrotray.exe
1388 - OUTLOOK.EXE
1396 - svchost.exe
1416 - iexplore.exe
1552 - OctoshapeClient
1608 - WINWORD.EXE
1664 - cmd.exe
Total number of processes = 38
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
80400000 - \WINNT\System32\ntoskrnl.exe
80062000 - \WINNT\System32\hal.dll
F4010000 - \WINNT\System32\BOOTVID.DLL
F3C00000 - pci.sys
F3C10000 - isapnp.sys
F4100000 - intelide.sys
F3E80000 - \WINNT\System32\DRIVERS\PCIIDEX.SYS
F3E88000 - MountMgr.sys
BFFE3000 - ftdisk.sys
F4102000 - Diskperf.sys
F41C8000 - \WINNT\System32\Drivers\WMILIB.SYS
F4104000 - dmload.sys
BFFC1000 - dmio.sys
F4014000 - PartMgr.sys
BFFAB000 - atapi.sys
F4018000 - amsint.sys
BFF99000 - \WINNT\System32\DRIVERS\SCSIPORT.SYS
BFF6C000 - MacOpen.sys
F3E90000 - disk.sys
F3C20000 - \WINNT\System32\DRIVERS\CLASSPNP.SYS
BFF49000 - Fastfat.sys
BFF37000 - KSecDD.sys
BFF0E000 - NDIS.sys
BFEF8000 - Mup.sys
F3E98000 - agp440.sys
F41CA000 - \SystemRoot\System32\DRIVERS\audstub.sys
F4108000 - \SystemRoot\System32\Drivers\RootMdm.sys
F3EB0000 - \SystemRoot\System32\Drivers\Modem.SYS
F3C50000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F4074000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
BFEC1000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F4084000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F3C60000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F3ED0000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F3EE0000 - \SystemRoot\System32\DRIVERS\raspti.sys
F3C70000 - \SystemRoot\System32\DRIVERS\parallel.sys
F3C80000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
BFEAF000 - \SystemRoot\System32\DRIVERS\atimpab.sys
F408C000 - \SystemRoot\System32\DRIVERS\gameenum.sys
BFE48000 - \SystemRoot\system32\drivers\KS.SYS
BFE68000 - \SystemRoot\system32\drivers\portcls.sys
BFE8D000 - \SystemRoot\system32\drivers\ctlsb16.sys
F3C90000 - \SystemRoot\System32\Drivers\Cdr4_2K.SYS
F3F18000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F3F28000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS
F3F48000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F3F38000 - \SystemRoot\System32\DRIVERS\uhcd.sys
F41CB000 - \SystemRoot\System32\DRIVERS\swenum.sys
BFE25000 - \SystemRoot\System32\DRIVERS\update.sys
F3CA0000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F3F58000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F3F68000 - \SystemRoot\System32\DRIVERS\parport.sys
F3CB0000 - \SystemRoot\System32\DRIVERS\serial.sys
F40A4000 - \SystemRoot\System32\DRIVERS\serenum.sys
F3F80000 - \SystemRoot\System32\DRIVERS\fdc.sys
F3F90000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F3CC0000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F3CE0000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F3FA8000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F3FB8000 - \SystemRoot\system32\DRIVERS\RNDISMPK.SYS
F40BC000 - \SystemRoot\system32\DRIVERS\usb8023k.sys
F4112000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F41CE000 - \SystemRoot\System32\Drivers\Null.SYS
F41CF000 - \SystemRoot\System32\Drivers\Beep.SYS
F40CC000 - \SystemRoot\System32\drivers\vga.sys
F41D0000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F3FD8000 - \SystemRoot\System32\Drivers\Msfs.SYS
F3CF0000 - \SystemRoot\System32\Drivers\Npfs.SYS
F411A000 - \SystemRoot\System32\DRIVERS\rasacd.sys
BFD6C000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F3D00000 - \SystemRoot\System32\DRIVERS\msgpc.sys
BFD47000 - \SystemRoot\System32\DRIVERS\netbt.sys
F3D10000 - \SystemRoot\System32\DRIVERS\netbios.sys
BFD25000 - \SystemRoot\System32\DRIVERS\rdbss.sys
BFCB5000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F4000000 - \SystemRoot\System32\DRIVERS\wanarp.sys
BFC0A000 - \SystemRoot\System32\Drivers\Ntfs.SYS
F3EA0000 - \SystemRoot\System32\Drivers\EFS.SYS
F41D1000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BFBF4000 - \SystemRoot\System32\Drivers\dump_atapi.sys
A0000000 - \??\C:\WINNT\system32\win32k.sys
BFBD3000 - \SystemRoot\System32\atidrab.dll
BF275000 - \SystemRoot\System32\drivers\afd.sys
F413C000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F413E000 - \SystemRoot\System32\Drivers\ASCTRM.SYS
BF2DF000 - \SystemRoot\System32\Drivers\ASPI32.SYS
BF38B000 - \SystemRoot\System32\Drivers\Fips.SYS
BF172000 - \SystemRoot\system32\drivers\wdmaud.sys
BF36B000 - \SystemRoot\system32\drivers\sysaudio.sys
BF10E000 - \SystemRoot\System32\DRIVERS\srv.sys
BF0FD000 - \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
BF058000 - \SystemRoot\System32\Drivers\Udfs.SYS
BEF58000 - \SystemRoot\System32\DRIVERS\ipsec.sys
BEC3F000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
BEC01000 - \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
BEB2F000 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071116.009\NAVEX15.sys
BEB1C000 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071116.009\NAVENG.sys
BECF8000 - \SystemRoot\System32\Drivers\Cdfs.SYS
BE55A000 - \SystemRoot\system32\drivers\kmixer.sys
F41D2000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 100
Volume in drive C has no label.
Volume Serial Number is 2F33-1EE6
Directory of C:\Program Files
14.12.2001 23:31 <DIR> .
14.12.2001 23:31 <DIR> ..
14.12.2001 23:43 <DIR> Accessories
14.12.2001 23:12 <DIR> ADAPTEC
14.04.2006 15:19 <DIR> Ahead
18.07.2003 12:40 851'879 appl.zip
22.01.2006 12:03 <DIR> ArcSoft
27.10.2002 15:31 162'041 cal20.zip
24.12.2006 13:18 <DIR> Canon
10.09.2005 12:53 <DIR> CCleaner
19.02.2002 21:30 1'968'128 cinstall.exe
11.08.2004 17:41 <DIR> Classic PhoneTools
14.12.2001 23:31 <DIR> Common Files
14.12.2001 22:42 <DIR> ComPlus Applications
27.10.2003 20:18 440 config.prop
11.02.2002 20:10 <DIR> directx
19.02.2002 21:16 77'943 DxDiag.lnk
13.05.2005 20:15 <DIR> epson
19.02.2002 21:32 <DIR> Geneva Casino
19.02.2002 21:20 77'943 Geneva Casino.exe
06.10.2002 13:44 <DIR> GoBluewin
28.10.2005 12:46 <DIR> Google
05.03.2003 20:01 <DIR> GrandVirtual
27.10.2002 15:31 446'245 iaik.jar
27.10.2002 15:31 14 ilfrench.prop
03.06.2002 19:32 <DIR> Infogrames
09.04.2003 21:07 997'888 installTarot.exe
14.12.2001 22:43 <DIR> Internet Explorer
27.10.2002 15:31 <DIR> jre
27.10.2002 15:31 26'804 lax.jar
09.11.2007 02:34 <DIR> MalwareBurn 7.2
15.12.2001 00:07 <DIR> McAfee
24.09.2007 21:52 <DIR> Micro Application
14.12.2001 22:49 <DIR> microsoft frontpage
15.12.2001 09:00 <DIR> Microsoft Office
09.04.2006 17:02 <DIR> Microsoft.NET
05.03.2003 20:00 107'495 monstercasino.exe
01.01.1997 02:18 <DIR> Navilog1
18.07.2003 12:40 35'644 net.zip
14.12.2001 22:43 <DIR> NetMeeting
22.01.2006 12:06 <DIR> Nikon
08.11.2007 03:14 <DIR> Octoshape Streaming Services
01.01.1997 02:02 <DIR> Online TV Player 4
14.12.2001 22:43 <DIR> Outlook Express
27.10.2002 15:51 <DIR> PayMaker
02.03.2006 20:14 <DIR> PCRescue3.0
15.06.2002 07:33 <DIR> Polaroid
27.10.2002 15:31 26'972 print.zip
27.05.2006 12:51 <DIR> PySol Solitaire
22.01.2006 12:05 <DIR> QuickTime
01.01.2002 11:14 <DIR> Real
08.05.2006 19:54 <DIR> ReflexiveArcade
18.07.2003 12:40 214'024 rsc.zip
24.12.2006 13:28 <DIR> ScanSoft
09.11.2007 01:50 <DIR> SopCast
14.10.2007 18:10 <DIR> Sunrise
16.04.2003 19:59 148'936 swing.zip
27.10.2002 15:31 2'420'388 swingall.jar
18.11.2003 18:56 <DIR> Symantec
18.10.2007 20:20 <DIR> Symantec_Client_Security
27.05.2006 12:57 <DIR> Ultimate Cribbage
27.10.2002 15:31 39'274 update.zip
27.10.2003 20:17 <DIR> updTMP
27.10.2003 20:17 <DIR> updUPD
27.10.2002 15:31 5'849 util.zip
18.07.2003 12:40 76 version.prop
27.10.2002 15:33 <DIR> Viewer
14.12.2001 22:43 <DIR> Windows Media Player
14.12.2001 23:43 <DIR> Windows NT
19.04.2006 12:02 <DIR> X-Setup Pro
13.10.2004 21:39 <DIR> Yahoo!
27.10.2002 15:31 321'536 yellownetJavaEdition.exe
27.10.2002 15:32 2'238 yellownetJavaEdition.ico
27.10.2002 15:31 3'795 yellownetJavaEdition.lax
05.11.2007 20:24 <DIR> YesMessenger
22 File(s) 7'935'552 bytes
53 Dir(s) 594'755'584 bytes free
Volume in drive C has no label.
Volume Serial Number is 2F33-1EE6
Directory of C:\Program Files\common files
14.12.2001 23:31 <DIR> .
14.12.2001 23:31 <DIR> ..
14.12.2001 23:31 <DIR> Microsoft Shared
14.12.2001 23:31 <DIR> ODBC
14.12.2001 22:43 <DIR> System
14.12.2001 22:43 <DIR> Services
15.12.2001 00:02 <DIR> Adobe
15.12.2001 09:03 <DIR> Designer
15.12.2001 09:24 <DIR> InstallShield
01.01.2002 11:14 <DIR> Real
09.02.2003 09:15 <DIR> Vbox
09.03.2004 22:58 <DIR> Adobe Systems Shared
29.10.2005 11:00 <DIR> C-CHANNEL
22.01.2006 12:09 <DIR> Nikon
14.04.2006 15:25 <DIR> Nero
19.04.2006 12:15 <DIR> Ahead
24.12.2006 13:28 <DIR> ScanSoft Shared
14.10.2007 16:55 <DIR> SupportSoft
14.10.2007 18:09 <DIR> Wise Installation Wizard
18.10.2007 20:20 <DIR> Symantec Shared
0 File(s) 0 bytes
20 Dir(s) 594'882'560 bytes free
Volume in drive C has no label.
Volume Serial Number is 2F33-1EE6
Directory of C:\
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[1].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[10].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[11].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[12].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[13].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[14].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[15].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[16].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[17].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[18].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[19].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[2].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[20].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[21].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[22].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[23].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[24].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[25].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[26].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[27].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[28].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[29].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[3].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[30].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[4].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[5].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[6].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[7].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[8].exe
c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\SXS36XKN\Windows2000-KB823980-x86-ENU[9].exe
c:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLYRG1E3\Navilog1[1].exe
c:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
c:\Documents and Settings\Administrator\Desktop\Navilog1.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\catchme.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\diff.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\dumphive.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\find2.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\Fport.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\grep.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\gzip.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\LFiles.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\md5sums.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\pslist.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\sigcheck.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\streams.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\swreg.exe
c:\Documents and Settings\Administrator\Desktop\DiagHelp\tar.exe
c:\Documents and Settings\Administrator\Desktop\BTFix\BTFix.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\exit.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swreg.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swsc.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\unzip.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Administrator\Application Data\SopCast\adv\SopAdver.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0409\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0409\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0409\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\040c\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\040c\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\040c\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0407\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0407\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0407\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0410\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0410\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0410\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0c0a\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0c0a\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0c0a\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0816\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0816\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0816\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0415\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0415\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0415\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0419\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0419\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0419\CNMur7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0413\CNMlr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0413\CNMsr7K.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP150 Series Printer\LanguageModules\0413\CNMur7K.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_DIS-LXFJJAA.tar.gz a l'adresse http://upload.malekal.com
Merci.