Here it is (this report is a hefty one)
DiagHelp version v1.4 - http://www.malekal.com
excute le Mon 03/31/2008 à 20:44:54.76
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->3/31/2008 8:44:40 PM
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->3/31/2008 8:44:37 PM
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->3/31/2008 8:43:55 PM
C:\WINDOWS\prefetch\DFRGNTFS.EXE-38C3807C.pf -->3/31/2008 8:26:42 PM
C:\WINDOWS\prefetch\DEFRAG.EXE-2858C7E2.pf -->3/31/2008 8:26:42 PM
C:\WINDOWS\prefetch\Layout.ini -->3/31/2008 8:20:14 PM
C:\WINDOWS\prefetch\XMC33HS2.EXE-05A85500.pf -->3/31/2008 8:00:11 PM
C:\WINDOWS\prefetch\FIREFOX.EXE-0B573C88.pf -->3/31/2008 7:51:55 PM
C:\WINDOWS\prefetch\WINWORD.EXE-33AEA629.pf -->3/31/2008 7:49:15 PM
C:\WINDOWS\prefetch\OUTLOOK.EXE-0CC1C5E5.pf -->3/31/2008 7:49:02 PM
C:\WINDOWS\System32\drivers\ehfooysy.dat -->1/16/2008 7:50:19 PM
C:\WINDOWS\System32\drivers\AWRTRD.sys -->8/7/2007 12:58:08 PM
C:\WINDOWS\System32\drivers\NSDriver.sys -->8/7/2007 12:56:58 PM
C:\WINDOWS\System32\drivers\AWRTPD.sys -->7/11/2007 1:37:26 PM
C:\WINDOWS\System32\drivers\vpnva.sys -->4/23/2007 5:09:58 AM
C:\WINDOWS\System32\drivers\VMM.sys -->2/18/2007 12:15:34 AM
C:\WINDOWS\System32\drivers\VMNetSrv.sys -->1/29/2007 6:20:34 AM
C:\WINDOWS\System32\PerfStringBackup.INI -->3/31/2008 5:12:22 PM
C:\WINDOWS\System32\perfh009.dat -->3/31/2008 5:12:22 PM
C:\WINDOWS\System32\perfc009.dat -->3/31/2008 5:12:22 PM
C:\WINDOWS\System32\nvModes.001 -->3/31/2008 5:08:13 PM
C:\WINDOWS\System32\nvapps.xml -->3/31/2008 5:07:55 PM
C:\WINDOWS\System32\nvModes.dat -->3/31/2008 9:52:05 AM
C:\WINDOWS\System32\wpa.dbl -->3/30/2008 3:55:22 PM
C:\WINDOWS\System32\rmoc3260.dll -->3/26/2008 12:54:15 PM
C:\WINDOWS\System32\pndx5032.dll -->3/26/2008 12:53:58 PM
C:\WINDOWS\System32\pndx5016.dll -->3/26/2008 12:53:58 PM
C:\WINDOWS\System32\pncrt.dll -->3/26/2008 12:53:55 PM
C:\WINDOWS\System32\msvcr71.dll -->3/26/2008 12:53:55 PM
C:\WINDOWS\System32\ssldivx.dll -->2/21/2008 4:05:34 AM
C:\WINDOWS\System32\libdivx.dll -->2/21/2008 4:05:34 AM
C:\WINDOWS\System32\nscompat.tlb -->2/17/2008 9:29:37 PM
C:\WINDOWS\System32\amcompat.tlb -->2/17/2008 9:29:37 PM
C:\WINDOWS\System32\FNTCACHE.DAT -->2/16/2008 8:37:04 PM
C:\WINDOWS\System32\XMc33hs2.exe -->2/5/2008 3:58:25 PM
C:\WINDOWS\System32\MRT.exe -->2/4/2008 4:09:48 PM
C:\WINDOWS\System32\w95inf16.dll -->10/30/2007 9:50:24 PM
C:\WINDOWS\System32\w95inf32.dll -->10/30/2007 9:50:23 PM
C:\WINDOWS\System32\wuaueng.dll -->7/30/2007 7:19:42 PM
C:\WINDOWS\System32\wuapi.dll -->7/30/2007 7:19:36 PM
C:\WINDOWS\System32\wucltui.dll -->7/30/2007 7:19:32 PM
C:\WINDOWS\System32\wuaucpl.cpl.mui -->7/30/2007 7:19:32 PM
C:\WINDOWS\NeroDigital.ini -->3/31/2008 7:25:59 PM
C:\WINDOWS\WindowsUpdate.log -->3/31/2008 5:09:00 PM
C:\WINDOWS\bootstat.dat -->3/31/2008 5:07:29 PM
C:\WINDOWS\SchedLgU.Txt -->3/31/2008 5:04:33 PM
C:\WINDOWS\scode8.cfg -->3/31/2008 10:27:23 AM
C:\WINDOWS\pestpatrol5.INI -->3/28/2008 1:49:05 PM
C:\WINDOWS\GPInstall.exe -->3/28/2008 12:49:53 PM
C:\WINDOWS\QTFont.qfn -->3/26/2008 5:28:18 PM
C:\WINDOWS\err.txt -->2/17/2008 9:29:41 PM
C:\WINDOWS\mozver.dat -->2/14/2008 12:26:20 PM
C:\WINDOWS\win.ini -->2/12/2008 7:07:47 PM
C:\WINDOWS\system.ini -->2/12/2008 7:07:47 PM
C:\WINDOWS\unins000.dat -->2/12/2008 4:02:09 PM
C:\WINDOWS\unins000.exe -->2/12/2008 4:01:26 PM
C:\WINDOWS\msettings.ini -->2/9/2008 8:27:19 PM
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1072
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x76fd0000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x746c0000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\msls31.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01b10000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
0x00dd0000 0xf000 C:\Program Files\Dell\Bluetooth Software\btkeyind.dll
0x00f70000 0x12000 C:\Program Files\Dell\QuickSet\dadkeyb.dll
0x02c90000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x03d10000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x6bf50000 0x7d000 6.04.0009.1125 C:\WINDOWS\system32\dxmasf.dll
0x03d30000 0x4f000 9.00.0000.3250 C:\WINDOWS\system32\DRMClien.DLL
0x040e0000 0x2ca000 3.15.0009.7000 C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll
0x58390000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm
0x10000000 0x14000 2.02.0009.0001 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x027c0000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x016b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c80000 0x6000 C:\Program Files\Unlocker\UnlockerCOM.dll
0x026f0000 0x34000 3.02.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x00f40000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x01af0000 0x15000 493.00.0000.0000 C:\Program Files\Free Download Manager\iefdmcks.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x03d80000 0x1b9000 2.00.0000.0008 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
0x031a0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 1456
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x672c0000 0x6000 11.00.0000.0730 C:\WINDOWS\system32\PCANotify.dll
0x7c000000 0x54000 7.00.9466.0000 C:\WINDOWS\system32\MSVCR70.dll
0x22000000 0x32000 7.01.0004.0004 C:\WINDOWS\system32\LgNotify.dll
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76fd0000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D
Directory of C:\WINDOWS\system
07/17/2002 04:22 PM 4,672 WOWPOST.EXE
1 File(s) 4,672 bytes
0 Dir(s) 6,452,740,096 bytes free
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D
Directory of C:\WINDOWS\system32
08/04/2004 12:56 AM 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 6,452,740,096 bytes free
Contenu de Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D
Directory of C:\WINDOWS\Downloaded Program Files
02/07/2008 10:52 AM <DIR> .
02/07/2008 10:52 AM <DIR> ..
10/08/2004 07:46 AM 172,032 CentraDownloader.dll
10/08/2004 07:46 AM 250 CentraDownloader.inf
05/21/2006 06:41 AM 53,520 csagent.dll
05/21/2006 03:49 AM 416 csagent.inf
09/26/2005 06:13 PM 65 desktop.ini
10/14/1997 06:52 PM 697 DirectAnimation Java Classes.osd
10/28/2003 08:51 AM 7,424 DjVuLite.inf
07/25/2002 05:13 PM 24,576 dwusplay.dll
07/25/2002 05:13 PM 196,608 dwusplay.exe
03/23/2007 12:17 PM 1,292 erma.inf
10/14/2004 12:13 PM 1,187,840 ICSScanner.dll
07/29/2004 08:10 AM 416 ICSScanner.inf
10/23/2006 12:14 PM 446 InstallerJava.osd
07/25/2002 05:05 PM 172,032 isusweb.dll
03/14/2007 04:02 AM 1,055 jinstall-6u1.inf
01/20/2000 03:25 PM 1,162 Microsoft XML Parser for Java.osd
06/20/2006 04:44 PM 379,704 MsnPUpld.dll
06/19/2006 03:40 PM 393 MsnPUpld.inf
08/04/2004 01:01 AM 1,561 msrdp.inf
08/03/2004 10:59 PM 656,896 msrdp.ocx
06/20/2006 04:44 PM 117,560 PURen-us.dll
01/09/2007 09:30 AM 110,592 PURfr-fr.dll
01/22/2003 01:05 PM 1,400 SysPro.inf
04/23/2007 05:10 AM 230 vpnweb.inf
06/30/2003 10:41 PM 1,689 WMV9VCM.inf
06/01/2004 03:41 PM 853 yinst.inf
06/01/2004 03:36 PM 141,312 yinsthelper.dll
27 File(s) 3,232,021 bytes
Total Files Listed:
27 File(s) 3,232,021 bytes
2 Dir(s) 6,452,736,000 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe:*:Enabled:pcAnywhere Main Executable"
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe:*:Enabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LeechFTP\\Leechftp.exe"="C:\\Program Files\\LeechFTP\\Leechftp.exe:*:Enabled:LeechFTP"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Cisco\\Cisco AnyConnect VPN Client\\vpnui.exe"="C:\\Program Files\\Cisco\\Cisco AnyConnect VPN Client\\vpnui.exe:*:Enabled:AnyConnect VPN Client"
"C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"="C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe:*:Enabled:Virtual PC 2007"
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe:*:Disabled:CyberLink PowerCinema NE for Everio"
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe:*:Disabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"="C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe:*:Disabled:CyberLink PowerDirector"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\SpyBlocker Software\\spyblocker.exe"="C:\\Program Files\\SpyBlocker Software\\spyblocker.exe:*:Enabled:SpyBlocker"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Disabled:The powerful and easy-to-use BitTorrent Client"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 counter.kaspersky.com
127.0.0.1 osiris.cj.com
127.0.0.1 ads1.updated.com
127.0.0.1 autoupdate.windowsmedia.com
127.0.0.1 update.downloadaccelerator.com
127.0.0.1 update.imiserver.com
127.0.0.1 update.kazaa.com
127.0.0.1 update.webhancer.com
127.0.0.1 updaterservice.wildtangent.com
127.0.0.1 updates.browseraid.com
127.0.0.1 updates.hotbar.com
127.0.0.1 updates.searchmadesafe.net
127.0.0.1 updateserver.gator.com
127.0.0.1 wdcs.trendmicro.com
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 20:47:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
228 - S24EvMon.exe
336 - svchost.exe
344 - svchost.exe
364 - btwdins.exe
396 - slimsvc.exe
440 - vpnagent.exe
548 - Ad-Watch2007.ex
776 - nvsvc32.exe
828 - RegSrvc.exe
896 - aawservice.exe
996 - ZCfgSvc.exe
1072 - explorer.exe
1148 - RichVideo.exe
1316 - spoolsv.exe
1360 - scardsvr.exe
1428 - csrss.exe
1456 - winlogon.exe
1504 - services.exe
1508 - xfilter.exe
1516 - lsass.exe
1684 - svchost.exe
1732 - svchost.exe
1812 - rundll32.exe
1832 - quickset.exe
1876 - carpserv.exe
1884 - qttask.exe
1912 - PPActiveDetecti
2000 - BTTray.exe
2020 - FilMsg.exe
2040 - svchost.exe
2072 - taskmgr.exe
2132 - wmiprvse.exe
2208 - alg.exe
2964 - cmd.exe
3040 - caiss.exe
3404 - PestPatrol5.exe
4192 - firefox.exe
Total number of processes = 38
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7D2D000 - \WINDOWS\system32\KDCOM.DLL
F7C3D000 - \WINDOWS\system32\BOOTVID.dll
F773B000 - sptd.sys
F7D2F000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F7723000 - \WINDOWS\System32\Drivers\SPTD3677.SYS
F76F5000 - ACPI.sys
F76E4000 - pci.sys
F782D000 - isapnp.sys
F783D000 - ohci1394.sys
F784D000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
F7AAD000 - ehfooysy.dat
F7C41000 - compbatt.sys
F7C45000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
F7DF5000 - PCIIde.sys
F7AB5000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS
F7D31000 - intelide.sys
F76C6000 - pcmcia.sys
F785D000 - MountMgr.sys
F76A7000 - ftdisk.sys
F7ABD000 - PartMgr.sys
F7AC5000 - sfsync02.sys
F786D000 - VolSnap.sys
F768F000 - atapi.sys
F787D000 - disk.sys
F788D000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F7670000 - fltmgr.sys
F7659000 - KSecDD.sys
F75CC000 - Ntfs.sys
F759F000 - NDIS.sys
F7580000 - xpacket.sys
F7ACD000 - sfhlp02.sys
F756F000 - sfdrv01.sys
F789D000 - sbp2port.sys
F7554000 - Mup.sys
F7C49000 - Gernuwa.sys
F7D33000 - tiumflt.sys
F7428000 - btkrnl.sys
F78AD000 - agp440.sys
F7A1D000 - \SystemRoot\System32\DRIVERS\intelppm.sys
F73EF000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
F685B000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F6847000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7B4D000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F6824000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7B55000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F6803000 - \SystemRoot\system32\DRIVERS\b57xp32.sys
F7A2D000 - \SystemRoot\system32\DRIVERS\gticard.sys
F73EB000 - \SystemRoot\system32\DRIVERS\SMCLIB.SYS
F7A3D000 - \SystemRoot\System32\DRIVERS\nic1394.sys
F7B5D000 - \SystemRoot\system32\drivers\tiumfwl.sys
F7A4D000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7B65000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7B6D000 - \SystemRoot\system32\drivers\aw_host5.sys
F7B75000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7A5D000 - \SystemRoot\System32\DRIVERS\serial.sys
F73E7000 - \SystemRoot\System32\DRIVERS\serenum.sys
F67EF000 - \SystemRoot\System32\DRIVERS\parport.sys
F7A6D000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7A7D000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F7A8D000 - \SystemRoot\System32\DRIVERS\redbook.sys
F67CC000 - \SystemRoot\System32\DRIVERS\ks.sys
F679C000 - \SystemRoot\system32\drivers\STAC97.sys
F6778000 - \SystemRoot\system32\drivers\portcls.sys
F7A9D000 - \SystemRoot\system32\drivers\drmk.sys
F6754000 - \SystemRoot\system32\DRIVERS\HSFHWICH.sys
F6649000 - \SystemRoot\system32\DRIVERS\HSF_DP.sys
F65BE000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
F7B7D000 - \SystemRoot\System32\Drivers\Modem.SYS
F6574000 - \SystemRoot\System32\Drivers\dtscsi.sys
F63BC000 - \SystemRoot\System32\Drivers\SCSIPORT.SYS
F6BB0000 - \SystemRoot\system32\DRIVERS\VMNetSrv.sys
F7B85000 - \SystemRoot\system32\drivers\btaudio.sys
F7EEE000 - \SystemRoot\System32\DRIVERS\audstub.sys
F6BA0000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F73DB000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F63A5000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F6B90000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F6B80000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7B8D000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F6394000 - \SystemRoot\System32\DRIVERS\psched.sys
F6B70000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7B95000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7B9D000 - \SystemRoot\System32\DRIVERS\raspti.sys
F6379000 - \SystemRoot\system32\DRIVERS\vna.sys
F7D5B000 - \SystemRoot\system32\DRIVERS\loop.sys
F7BA5000 - \SystemRoot\system32\DRIVERS\btport.sys
F6348000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F6B60000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7D5D000 - \SystemRoot\System32\DRIVERS\swenum.sys
F6314000 - \SystemRoot\System32\DRIVERS\update.sys
F73BB000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F6B50000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F6B40000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7D5F000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F7D63000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7E23000 - \SystemRoot\System32\Drivers\Null.SYS
F7D65000 - \SystemRoot\System32\Drivers\Beep.SYS
F7BD5000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7BDD000 - \SystemRoot\System32\drivers\vga.sys
F7CFD000 - \SystemRoot\System32\Drivers\awlegacy.sys
F7D69000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7D6B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7BE5000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7BED000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7D01000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F523E000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F51E6000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F51BE000 - \SystemRoot\System32\DRIVERS\netbt.sys
F519C000 - \SystemRoot\System32\drivers\afd.sys
F6B20000 - \SystemRoot\System32\DRIVERS\netbios.sys
F5161000 - \??\C:\WINDOWS\system32\Drivers\vmm.sys
F7BF5000 - \SystemRoot\System32\Drivers\SCDEmu.SYS
F510D000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F6310000 - \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
F509E000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F78ED000 - \SystemRoot\System32\Drivers\Fips.SYS
F4FDD000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F78FD000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F790D000 - \SystemRoot\System32\DRIVERS\arp1394.sys
F7D6D000 - \SystemRoot\System32\Drivers\FileDisk.SYS
F62EC000 - \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
F7C15000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F5285000 - \SystemRoot\system32\DRIVERS\sfloppy.sys
F7C1D000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F5281000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F798D000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F527D000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F7C2D000 - \SystemRoot\System32\Drivers\BTHUSB.sys
F4DF2000 - \SystemRoot\System32\Drivers\bthport.sys
F79CD000 - \SystemRoot\system32\DRIVERS\rfcomm.sys
F7AE5000 - \SystemRoot\System32\DRIVERS\BthEnum.sys
F4DD9000 - \SystemRoot\system32\DRIVERS\bthpan.sys
F78CD000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F4DC1000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7D81000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7B05000 - \SystemRoot\System32\watchdog.sys
F4FD9000 - \SystemRoot\System32\drivers\Dxapi.sys
BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
F7EB0000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D3000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F282D000 - \SystemRoot\system32\DRIVERS\AegisP.sys
F2829000 - \SystemRoot\system32\DRIVERS\s24trans.sys
F281D000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
F242C000 - \SystemRoot\system32\drivers\wdmaud.sys
F2639000 - \SystemRoot\system32\drivers\sysaudio.sys
F22C2000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7DB5000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F4E5D000 - \SystemRoot\System32\drivers\aspi32.sys
F2791000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
F2157000 - \SystemRoot\system32\DRIVERS\srv.sys
F4E35000 - \SystemRoot\System32\DRIVERS\secdrv.sys
F7C35000 - \SystemRoot\system32\DRIVERS\strmdisp.sys
F7DBD000 - \??\C:\WINDOWS\system32\drivers\AWRTPD.sys
F1E3F000 - \??\C:\WINDOWS\system32\drivers\NSDriver.sys
F1F3B000 - \??\C:\WINDOWS\system32\drivers\AWRTRD.sys
F1A52000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F7EE8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 161
Liste des programmes installes
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Archiveur WinRAR
AutoUpdate
AviSynth 2.5
BitSpirit v3.1.0.077 Stable Release
Broadcom Gigabit Integrated Controller
CA eTrust PestPatrol Anti-Spyware
CardBus
CCleaner (remove only)
CentraOne
Check Point SSL Network Extender
Cisco AnyConnect VPN Client
Conexant D480 MDC V.92 Modem
Convertor 2.0
Dell Bluetooth Software
Dell ResourceCD
Digital Photo Navigator 1.5
DivX Codec
DivX Content Uploader
DivX Converter
DivX Web Player
EasyPHP 1.8
Filseclab Personal Firewall
Free Download Manager 2.1
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Intel(R) PROSet
InterVideo WinDVD
LeechFTP
Livebox
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access 2.0 Converter
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
MSXML 6.0 Parser (KB927977)
Nero 7 Essentials
NVIDIA Drivers
O2Micro Smartcard Driver
O2Micro Smartcard Driver
Oracle JInitiator 1.3.1.21
Outil de connexion Wanadoo
PCI 7510 CardBus Controller with SmartCard and Software
Philips Intelligent Agent
PhotoNow! 1.0
PowerCinema NE for Everio
PowerDirector
PowerDirector
PowerISO
PSP Brew 0.91
PSP Video 9 1.74
QuickSet
QuickTime
QuickTime
RealPlayer
SAMSUNG CDMA Modem Driver Set
Sega Cue Maker
SigmaTel AC97 Audio Drivers
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
SpyBlocker
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Symantec pcAnywhere
TELL ME MORE
UltraSplitter
Unlocker 1.8.5
Update for Windows XP (KB898461)
VCW VicMan's Photo Editor 7.9
VideoLAN VLC media player 0.8.6c
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB891220
Windows XP Service Pack 2
XML Paper Specification Shared Components Pack 1.0
XnView 1.80.3
Yahoo! Anti-Spy
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D
Directory of C:\Program Files
03/31/2008 03:46 PM <DIR> .
03/31/2008 03:46 PM <DIR> ..
02/06/2008 11:51 AM <DIR> Adobe
06/13/2007 08:17 PM <DIR> Ahead
10/30/2007 09:49 PM <DIR> Auralog
08/10/2007 04:02 PM <DIR> AviSynth 2.5
07/17/2007 04:39 PM <DIR> BitSpirit
01/17/2008 06:30 PM <DIR> Bobdown
01/17/2007 12:15 PM <DIR> Broadcom
03/28/2008 01:45 PM <DIR> CA
08/06/2007 01:40 PM <DIR> CCleaner
01/19/2007 03:40 PM <DIR> CentraOne
08/16/2006 04:24 PM <DIR> CheckPoint
12/13/2007 12:04 PM <DIR> Cisco
01/24/2007 11:44 AM <DIR> Cisco Systems
03/28/2008 04:05 PM <DIR> Citrix
03/31/2008 05:04 PM <DIR> Common Files
09/26/2005 06:11 PM <DIR> ComPlus Applications
09/26/2005 11:32 PM <DIR> CONEXANT
03/06/2006 04:45 PM <DIR> Convertor
09/14/2007 12:29 AM <DIR> CyberLink
08/17/2006 02:18 PM <DIR> DAEMON Tools
01/16/2007 07:52 PM <DIR> Dell
09/12/2007 03:13 PM <DIR> Digital Photo Navigator 1.5
03/30/2008 04:40 PM <DIR> DivX
01/03/2007 01:18 PM <DIR> EasyPHP1-8
03/31/2008 03:46 PM <DIR> Exterminate It!
02/07/2008 11:39 AM <DIR> Free Download Manager
01/18/2008 10:57 PM <DIR> Grisoft
01/31/2008 08:53 PM <DIR> Intel
02/08/2008 11:52 AM <DIR> Internet Explorer
01/17/2006 12:11 AM <DIR> InterVideo
06/25/2007 09:34 PM <DIR> Java
01/02/2006 07:27 PM <DIR> LeechFTP
04/20/2007 08:52 AM <DIR> LizardTech
10/09/2006 04:14 PM <DIR> Maxthon
09/27/2005 11:07 PM <DIR> Messenger
12/03/2007 06:45 PM <DIR> Microsoft ActiveSync
12/03/2007 06:35 PM <DIR> microsoft frontpage
09/28/2005 12:47 PM <DIR> Microsoft Office
12/27/2007 04:39 PM <DIR> Microsoft SQL Server
08/23/2007 04:08 PM <DIR> Microsoft Virtual PC
09/28/2005 12:48 PM <DIR> Microsoft.NET
09/26/2005 06:39 PM <DIR> Movie Maker
03/31/2008 07:27 PM <DIR> Mozilla Firefox
08/07/2007 02:52 PM <DIR> MSBuild
09/26/2005 06:10 PM <DIR> MSN
09/26/2005 06:10 PM <DIR> MSN Gaming Zone
09/16/2007 10:50 AM <DIR> MSN Messenger
06/13/2007 08:21 PM <DIR> Nero
09/26/2005 06:36 PM <DIR> NetMeeting
11/08/2006 05:14 PM <DIR> NovaLogic
07/26/2007 12:15 PM <DIR> Nvu
09/26/2005 06:10 PM <DIR> Online Services
09/14/2006 02:34 PM <DIR> Oracle
05/02/2006 12:01 PM <DIR> Outlook Express
08/06/2007 01:08 PM <DIR> Pando Networks
06/13/2007 08:27 PM <DIR> Philips Intelligent Agent
10/13/2006 10:14 PM <DIR> PowerISO
08/10/2007 06:11 PM <DIR> PSP Brew
09/14/2007 12:19 AM <DIR> QuickTime
12/16/2005 02:14 AM <DIR> Real
08/07/2007 02:46 PM <DIR> Reference Assemblies
01/17/2007 12:31 PM <DIR> SAGEM
11/15/2007 03:03 PM <DIR> SAMSUNG
09/26/2005 07:21 PM <DIR> SigmaTel
09/12/2007 08:00 PM <DIR> SmartSound Software
03/31/2008 12:12 PM <DIR> SpyBlocker Software
02/12/2008 04:05 PM <DIR> Spybot - Search & Destroy
09/26/2005 11:19 PM <DIR> Symantec
01/16/2008 11:39 PM <DIR> Trend Micro
01/21/2007 07:49 PM <DIR> UltraSplitter
02/12/2008 06:41 PM <DIR> Unlocker
08/10/2007 03:57 PM <DIR> VCW VicMan's Photo Editor
08/11/2006 08:26 PM <DIR> VideoLAN
01/17/2007 01:19 PM <DIR> Wanadoo
09/17/2007 09:10 AM <DIR> Windows Live Toolbar
09/09/2007 11:11 PM <DIR> Windows Media Components
11/14/2006 12:43 PM <DIR> Windows Media Connect 2
02/17/2008 09:29 PM <DIR> Windows Media Player
09/26/2005 06:36 PM <DIR> Windows NT
03/28/2006 10:26 AM <DIR> WinRAR
09/26/2005 06:15 PM <DIR> xerox
12/20/2005 06:20 PM <DIR> XnView
01/31/2008 08:56 PM <DIR> Yahoo!
0 File(s) 0 bytes
85 Dir(s) 6,435,139,584 bytes free
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D
Directory of C:\Program Files\common files
03/31/2008 05:04 PM <DIR> .
03/31/2008 05:04 PM <DIR> ..
10/14/2006 09:46 PM <DIR> Adaptec Shared
02/06/2008 11:52 AM <DIR> Adobe
06/13/2007 08:26 PM <DIR> Ahead
01/03/2008 06:36 PM <DIR> AVSMedia
02/27/2006 06:40 PM <DIR> Borland Shared
09/28/2005 12:47 PM <DIR> DESIGNER
03/31/2008 05:04 PM <DIR> Filseclab
09/09/2007 11:09 PM <DIR> InstallShield
07/26/2007 12:31 PM <DIR> Macromedia
01/03/2008 05:54 PM <DIR> Microsoft Shared
09/26/2005 06:12 PM <DIR> MSSoap
09/26/2005 08:02 PM <DIR> ODBC
03/26/2008 12:54 PM <DIR> Real
03/28/2008 01:46 PM <DIR> Scanner
09/26/2005 06:12 PM <DIR> Services
09/26/2005 08:02 PM <DIR> SpeechEngines
09/26/2005 11:20 PM <DIR> Symantec Shared
09/28/2005 12:47 PM <DIR> System
03/31/2008 04:01 PM <DIR> Wise Installation Wizard
03/26/2008 12:54 PM <DIR> xing shared
0 File(s) 0 bytes
22 Dir(s) 6,435,139,584 bytes free
Volume in drive C has no label.
Volume Serial Number is A0A8-CD2D
Directory of C:\
02/20/2008 04:54 PM 6,222,376 DivXWebPlayerInstaller.exe
1 File(s) 6,222,376 bytes
0 Dir(s) 6,435,139,584 bytes free
c:\Documents and Settings\All Users\Desktop\spybotsd152.exe
c:\Documents and Settings\TheBoss\ScanReg.exe
c:\Documents and Settings\TheBoss\Application Data\Real\RealPlayer\setup\AU_setup.exe
c:\Documents and Settings\TheBoss\Application Data\Real\RealPlayer\Update\RealPlayer11GOLD.exe
c:\Documents and Settings\TheBoss\Desktop\694-System4v3.1G.exe
c:\Documents and Settings\TheBoss\Desktop\ALPHA.EXE
c:\Documents and Settings\TheBoss\Desktop\LLGMICA.EXE
c:\Documents and Settings\TheBoss\Desktop\PDP2325_35_45FWUpgrade_v142.exe
c:\Documents and Settings\TheBoss\Desktop\R105328.EXE
c:\Documents and Settings\TheBoss\Desktop\R115320.EXE
c:\Documents and Settings\TheBoss\Desktop\R97343.EXE
c:\Documents and Settings\TheBoss\Desktop\vlc-0.8.5-win32.exe
c:\Documents and Settings\TheBoss\My Documents\HJTInstall.exe
c:\Documents and Settings\TheBoss\My Documents\MIO\InstallTomTomHOME.exe
c:\Documents and Settings\TheBoss\My Documents\philips graveur\Philips_Intelligent_Agent_2.0_Setup.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\TheBoss\Application Data\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\_setup.dll
c:\Documents and Settings\TheBoss\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\TheBoss\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\TheBoss\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_EQUITRAC-LAPTOP.tar.gz a l'adresse
http://upload.malekal.com