I lived in Paris from 1984 to 2000.
While DiagHelp was running, NOD32 blocked:
27/1/2008 9:49:02 πμ Real-time file system protection file C:\DOCUME~1\Giorgio\LOCALS~1\Temp\qcimyesaES.dll probably a variant of Win32/Inject trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\temp\memory\DiagHelp\catchme.exe.
The report:
DiagHelp version v1.4 - http://www.malekal.com
excute le ??? 27/01/2008 ΰ 9:48:37,99
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->27/1/2008 09:48:31
C:\WINDOWS\prefetch\WINDOWSSEARCHFILTER.EXE-2708964D.pf -->27/1/2008 09:47:33
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->27/1/2008 09:45:22
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->27/1/2008 09:43:55
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->27/1/2008 09:42:42
C:\WINDOWS\prefetch\WGATRAY.EXE-0ED38BED.pf -->27/1/2008 09:42:42
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->27/1/2008 09:42:39
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->27/1/2008 09:42:24
C:\WINDOWS\prefetch\RUNDLL32.EXE-42057D8B.pf -->27/1/2008 09:42:14
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf -->27/1/2008 09:42:06
C:\WINDOWS\System32\drivers\tmcomm.sys -->25/1/2008 17:41:02
C:\WINDOWS\System32\drivers\gmer.sys -->20/1/2008 11:23:51
C:\WINDOWS\System32\drivers\snapman.sys -->10/1/2008 16:05:55
C:\WINDOWS\System32\drivers\AegisP.sys -->8/1/2008 18:35:51
C:\WINDOWS\System32\drivers\NTIDrvr.sys -->6/1/2008 09:56:11
C:\WINDOWS\System32\drivers\epfwtdi.sys -->21/12/2007 08:21:54
C:\WINDOWS\System32\drivers\epfwndis.sys -->21/12/2007 08:21:52
C:\WINDOWS\System32\wpa.dbl -->27/1/2008 09:40:25
C:\WINDOWS\System32\PerfStringBackup.TMP -->25/1/2008 20:57:36
C:\WINDOWS\System32\perfh009.dat -->25/1/2008 20:57:36
C:\WINDOWS\System32\perfc009.dat -->25/1/2008 20:57:36
C:\WINDOWS\System32\wmpscheme.xml -->25/1/2008 10:07:06
C:\WINDOWS\System32\FNTCACHE.DAT -->25/1/2008 10:01:05
C:\WINDOWS\System32\$winnt$.inf -->25/1/2008 09:58:50
C:\WINDOWS\System32\nscompat.tlb -->25/1/2008 09:54:53
C:\WINDOWS\System32\amcompat.tlb -->25/1/2008 09:54:53
C:\WINDOWS\System32\WindowsLogon.manifest -->25/1/2008 09:52:46
C:\WINDOWS\System32\logonui.exe.manifest -->25/1/2008 09:52:46
C:\WINDOWS\System32\wuaucpl.cpl.manifest -->25/1/2008 09:52:40
C:\WINDOWS\System32\sapi.cpl.manifest -->25/1/2008 09:52:40
C:\WINDOWS\System32\nwc.cpl.manifest -->25/1/2008 09:52:40
C:\WINDOWS\System32\ncpa.cpl.manifest -->25/1/2008 09:52:40
C:\WINDOWS\System32\cdplayer.exe.manifest -->25/1/2008 09:52:40
C:\WINDOWS\System32\Uninstall.ico -->22/1/2008 14:57:51
C:\WINDOWS\System32\pavas.ico -->22/1/2008 14:57:51
C:\WINDOWS\System32\Help.ico -->22/1/2008 14:57:51
C:\WINDOWS\System32\PerfStringBackup.INI -->20/1/2008 16:26:22
C:\WINDOWS\System32\HJZFSMJBMKQ -->20/1/2008 15:59:38
C:\WINDOWS\System32\windrv.sys -->20/1/2008 11:59:02
C:\WINDOWS\System32\asfiles.txt -->19/1/2008 20:28:46
C:\WINDOWS\System32\PAV_FOG.OPC -->19/1/2008 09:53:30
C:\WINDOWS\System32\AutoPartNt.let -->10/1/2008 16:49:26
C:\WINDOWS\setupapi.log -->27/1/2008 09:47:30
C:\WINDOWS\ModemLog_SmartUSB56 Voice Modem.txt -->27/1/2008 09:42:04
C:\WINDOWS.log -->27/1/2008 09:42:00
C:\WINDOWS\wiadebug.log -->27/1/2008 09:40:38
C:\WINDOWS\win.ini -->27/1/2008 09:40:28
C:\WINDOWS\wiaservc.log -->27/1/2008 09:40:28
C:\WINDOWS\SchedLgU.Txt -->27/1/2008 09:40:19
C:\WINDOWS\bootstat.dat -->27/1/2008 09:38:56
C:\WINDOWS\MEMORY.DMP -->26/1/2008 13:29:42
C:\WINDOWS\spslpsrm.log -->26/1/2008 13:09:28
C:\WINDOWS\ie7_main.log -->26/1/2008 13:06:52
C:\WINDOWS\svcpack.log -->26/1/2008 13:06:31
C:\WINDOWS\WindowsUpdate.log -->26/1/2008 09:59:26
C:\WINDOWS\medctroc.Log -->26/1/2008 09:58:27
C:\WINDOWS\KB906569.log -->26/1/2008 09:01:11
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 228
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xf7000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77c10000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x772d0000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x773d0000 0x7f4000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77120000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f80000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x769c0000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5ad70000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x77340000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x5b630000 0x70000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x71d40000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x76b20000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x129b0000 0x24000 15.00.0000.0000 C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
0x74b30000 0x41000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74af0000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74ad0000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x72410000 0x19000 6.00.2600.0000 C:\WINDOWS\System32\mydocs.dll
0x762c0000 0x8a000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x582d0000 0x4000 1.01.0001.0005 C:\WINDOWS\System32\tssoft32.acm
0x73b70000 0x7000 1.03.0003.0007 C:\WINDOWS\System32\tsd32.dll
0x58310000 0x1d000 4.04.0000.3400 C:\WINDOWS\System32\msg723.acm
0x58340000 0x4d000 8.00.0000.4477 C:\WINDOWS\System32\msaud32.acm
0x582e0000 0x1e000 3.02.0000.0000 C:\WINDOWS\System32\sl_anet.acm
0x581a0000 0x39000 2.00.0005.0053 C:\WINDOWS\System32\iac25_32.ax
0x58390000 0x8a000 1.09.0000.0305 C:\WINDOWS\System32\l3codeca.acm
0x5a600000 0x13000 8.01.0178.0000 C:\WINDOWS\System32\sirenacm.dll
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x10000000 0x31000 1.40.0000.0000 C:\WINDOWS\System32\ac3acm.acm
0x018e0000 0x92000 0.09.0001.0000 C:\WINDOWS\System32\lameACM.acm
0x71d90000 0x1e000 6.00.2600.0000 C:\WINDOWS\system32\URL.dll
0x76400000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x76200000 0x97000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x72430000 0x12000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x72e00000 0x114000 8.20.8730.0001 C:\WINDOWS\System32\msxml3.dll
0x760f0000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x74770000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\mlang.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\System32\ODBC32.dll
0x763b0000 0x45000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f850000 0x16000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
0x76170000 0x88000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
0x68df0000 0x8c000 5.02.1776.0000 C:\WINDOWS\System32\fxsst.dll
0x69010000 0x70000 5.02.1776.0000 C:\WINDOWS\System32\FXSAPI.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
0x04470000 0x9b000 C:\PROGRA~1\IZArc\IZArcCM.dll
0x5edd0000 0x1a000 5.00.5014.0000 C:\WINDOWS\System32\olepro32.dll
0x22000000 0x2e000 3.00.0621.0000 C:\Program Files\ESET\ESET Smart Security\shellExt.dll
0x019c0000 0x27000 1.00.0000.0001 C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteShell.dll
0x029a0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 916
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x6e000 \??\C:\WINDOWS\system32\winlogon.exe
0x77c10000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x762c0000 0x8a000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76c30000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x773d0000 0x7f4000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x772d0000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77340000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x763b0000 0x45000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f850000 0x16000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76bd0000 0x1e000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x10000000 0x1d000 6.14.0010.4162 C:\WINDOWS\system32\Ati2evxx.dll
0x77120000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x01410000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x5ad70000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x582d0000 0x4000 1.01.0001.0005 C:\WINDOWS\system32\tssoft32.acm
0x73b70000 0x7000 1.03.0003.0007 C:\WINDOWS\system32\tsd32.dll
0x58310000 0x1d000 4.04.0000.3400 C:\WINDOWS\system32\msg723.acm
0x58340000 0x4d000 8.00.0000.4477 C:\WINDOWS\system32\msaud32.acm
0x582e0000 0x1e000 3.02.0000.0000 C:\WINDOWS\system32\sl_anet.acm
0x581a0000 0x39000 2.00.0005.0053 C:\WINDOWS\System32\iac25_32.ax
0x58390000 0x8a000 1.09.0000.0305 C:\WINDOWS\System32\l3codeca.acm
0x5a600000 0x13000 8.01.0178.0000 C:\WINDOWS\system32\sirenacm.dll
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x015d0000 0x31000 1.40.0000.0000 C:\WINDOWS\system32\ac3acm.acm
0x01610000 0x92000 0.09.0001.0000 C:\WINDOWS\system32\lameACM.acm
0x71d90000 0x1e000 6.00.2600.0000 C:\WINDOWS\system32\URL.dll
0x76b20000 0x15000 3.00.9238.0000 C:\WINDOWS\system32\ATL.DLL
Volume in drive C is DRIVE_C
Volume Serial Number is 747A-C779
Directory of C:\WINDOWS\system32
23/08/2001 14:00 4.096 csrss.exe
1 File(s) 4.096 bytes
0 Dir(s) 112.367.980.544 bytes free
Contenu de Downloaded Program Files
Volume in drive C is DRIVE_C
Volume Serial Number is 747A-C779
Directory of C:\WINDOWS\Downloaded Program Files
22/01/2008 16:19 <DIR> .
22/01/2008 16:19 <DIR> ..
24/08/2006 08:28 141.424 asinst.dll
22/08/2006 09:06 537 asinst.inf
25/10/2007 10:26 32 bdcore.dll
25/10/2007 10:26 118.784 bdupd.dll
30/01/2003 16:52 348.160 bitdefender.ocx
07/05/2003 11:26 192.512 CamCli.dll
19/01/2008 19:41 <DIR> CONFLICT.1
25/01/2008 09:52 65 desktop.ini
16/05/2007 08:29 227 driveragent.inf
16/05/2007 08:28 449.024 driveragent.ocx
25/07/2002 17:13 24.576 dwusplay.dll
25/07/2002 17:13 196.608 dwusplay.exe
11/04/2007 14:55 1.292 erma.inf
12/07/2000 02:02 36.864 fxfileop.dll
30/06/2007 19:09 175.968 IEAWSDC.DLL
30/06/2007 18:46 452 ieawsdc.inf
07/05/2003 11:26 180.224 ijl11.dll
25/10/2007 10:26 53.248 ipsupd.dll
16/02/2005 15:15 401.408 isusweb.dll
25/10/2007 10:26 6.742 lang.ini
13/04/2007 14:27 367 LegitCheckControl.inf
11/09/2007 13:49 12.592 LibComm.dll
25/10/2007 10:26 32 libfn.dll
25/10/2007 10:26 126 live.ini
26/10/2007 15:12 6.300 MSIWDev.inf
20/06/2006 15:44 379.704 MsnPUpld.dll
19/06/2006 14:40 393 MsnPUpld.inf
16/04/2007 21:50 295 muweb.inf
29/10/2007 16:45 1.244 oscan8.inf
25/10/2007 16:54 471.040 oscan8.ocx
11/09/2007 13:49 43.824 PSComm.dll
11/09/2007 13:49 100.656 PSNAdbrk.dll
20/06/2006 15:44 117.560 PURen-us.dll
09/01/2007 08:30 110.592 PURfr-fr.dll
25/10/2007 10:26 6.828 scanoptions.tsi
03/05/2007 15:35 300 setup.inf
27/03/2007 15:00 5.021 swflash.inf
29/05/2007 14:46 23.600 tvichw32.sys
31/10/2001 10:37 118 uninst.bat
26/05/2005 03:19 291 wuweb.inf
39 File(s) 3.609.030 bytes
Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.1
19/01/2008 19:41 <DIR> .
19/01/2008 19:41 <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
39 File(s) 3.609.030 bytes
5 Dir(s) 112.367.976.448 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"EnableLUA"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 09:49:03
Windows 5.1.2600 NTFS
scanning hidden services & system hive ...
IPC error: 2 The system cannot find the file specified.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1a,a7,f1,7c,c7,ab,5e,72,b4,cd,c9,a2,bb,e4,05,df,0c,92,7b,61,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001]
"khjeh"=hex:24,62,eb,ff,3e,a8,9b,97,95,92,b7,e0,f3,5d,44,25,d7,60,e0,c4,0e,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001Jf40]
"khjeh"=hex:c1,72,a9,80,f8,ce,e6,16,b5,1e,1b,38,86,64,d2,45,87,df,9f,1d,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1a,a7,f1,7c,c7,ab,5e,72,b4,cd,c9,a2,bb,e4,05,df,0c,92,7b,61,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001]
"khjeh"=hex:24,62,eb,ff,3e,a8,9b,97,95,92,b7,e0,f3,5d,44,25,d7,60,e0,c4,0e,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001Jf40]
"khjeh"=hex:c1,72,a9,80,f8,ce,e6,16,b5,1e,1b,38,86,64,d2,45,87,df,9f,1d,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1a,a7,f1,7c,c7,ab,5e,72,b4,cd,c9,a2,bb,e4,05,df,0c,92,7b,61,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001]
"khjeh"=hex:24,62,eb,ff,3e,a8,9b,97,95,92,b7,e0,f3,5d,44,25,d7,60,e0,c4,0e,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4�000001Jf40]
"khjeh"=hex:c1,72,a9,80,f8,ce,e6,16,b5,1e,1b,38,86,64,d2,45,87,df,9f,1d,03,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\x9f\3\x391\3\x389\3\x393\3\x394\3\x389\3\x38a\3\xae\3 ]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,60,1c,00,00,00,00,00,30,33,c6,98,0d,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\xa3\3\x395\3\xb3\3\x38a\3\xb5\3\xbd\3\x394\3\x391\3\x399\3\x394\3\x389\3\x38a\3\xad\3\x392\3 ]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,b0,26,00,00,00,00,00,40,41,34,ee,fe,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\x9f\3\x391\3\x389\3\x393\3\x394\3\x389\3\x38a\3\xae\3 ]
"Inno Setup: Setup Version"="4.2.7"
"Inno Setup: App Path"="C:\Program Files\FMY"
"InstallLocation"="C:\Program Files\FMY\"
"Inno Setup: Icon Group"="\x393.\x393.\x3a0.\x3a3."
"Inno Setup: User"="Giorgio"
"Inno Setup: Selected Tasks"="desktopicon"
"Inno Setup: Deselected Tasks"=""
"DisplayName"="\x39f\x3c1\x3b9\x3c3\x3c4\x3b9\x3ba\x3ae \x394\x3ae\x3bb\x3c9\x3c3\x3b7 \x3a6\x39c\x3a5 v1"
"UninstallString"=""C:\Program Files\FMY\unins000.exe""
"QuietUninstallString"=""C:\Program Files\FMY\unins000.exe" /SILENT"
"Publisher"="\x393\x3b5\x3bd\x3b9\x3ba\x3ae \x393\x3c1\x3b1\x3bc\x3bc\x3b1\x3c4\x3b5\x3af\x3b1 \x3a0\x3bb\x3b7\x3c1\x3bf\x3c6\x3bf\x3c1\x3b9\x3b1\x3ba\x3ce\x3bd \x3a3\x3c5\x3c3\x3c4\x3b7\x3bc\x3ac\x3c4\x3c9\x3bd"
"URLInfoAbout"="http://www.gsis.gr"
"HelpLink"="http://www.gsis.gr"
"URLUpdateInfo"="http://www.gsis.gr"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\xa3\3\x395\3\xb3\3\x38a\3\xb5\3\xbd\3\x394\3\x391\3\x399\3\x394\3\x389\3\x38a\3\xad\3\x392\3 ]
"Inno Setup: Setup Version"="4.2.7"
"Inno Setup: App Path"="C:\Program Files\KVS2007"
"InstallLocation"="C:\Program Files\KVS2007\"
"Inno Setup: Icon Group"="\x393.\x393.\x3a0.\x3a3."
"Inno Setup: User"="Giorgio"
"Inno Setup: Selected Tasks"="desktopicon"
"Inno Setup: Deselected Tasks"=""
"DisplayName"="\x3a3\x3c5\x3b3\x3ba\x3b5\x3bd\x3c4\x3c1\x3c9\x3c4\x3b9\x3ba\x3ad\x3c2 \x3ba\x3b1\x3c4\x3b1\x3c3\x3c4\x3ac\x3c3\x3b5\x3b9\x3c2 \x3a0\x3b5\x3bb\x3b1\x3c4\x3ce\x3bd-\x3a0\x3c1\x3bf\x3bc\x3b7\x3b8\x3b5\x3c5\x3c4\x3ce\x3bd \x388\x3ba\x3b4\x3bf\x3c3\x3b7 2007 v1"
"UninstallString"=""C:\Program Files\KVS2007\unins000.exe""
"QuietUninstallString"=""C:\Program Files\KVS2007\unins000.exe" /SILENT"
"Publisher"="\x393\x3b5\x3bd\x3b9\x3ba\x3ae \x393\x3c1\x3b1\x3bc\x3bc\x3b1\x3c4\x3b5\x3af\x3b1 \x3a0\x3bb\x3b7\x3c1\x3bf\x3c6\x3bf\x3c1\x3b9\x3b1\x3ba\x3ce\x3bd \x3a3\x3c5\x3c3\x3c4\x3b7\x3bc\x3ac\x3c4\x3c9\x3bd"
"URLInfoAbout"="http://www.gsis.gr"
"HelpLink"="http://www.gsis.gr"
"URLUpdateInfo"="http://www.gsis.gr"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\\x201c\3.]
"Order"=hex:08,00,00,00,02,00,00,00,e8,00,00,00,01,00,00,00,02,00,00,00,76,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\\x201c\3.\\xa6\3.]
"Order"=hex:08,00,00,00,02,00,00,00,b6,01,00,00,01,00,00,00,03,00,00,00,90,..
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
ENUMERATION OF PROCESS LIST TERMINATED ABNORMALLY.
RESULTS MAY BE INACCURATE!
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B8000 - \WINDOWS\system32\hal.dll
F7BAF000 - \WINDOWS\system32\KDCOM.DLL
F7ABF000 - \WINDOWS\system32\BOOTVID.dll
F7662000 - ACPI.sys
F7BB1000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F76AF000 - pci.sys
F76BF000 - isapnp.sys
F7C77000 - pciide.sys
F792F000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F7BB3000 - intelide.sys
F76CF000 - MountMgr.sys
F7643000 - ftdisk.sys
F7937000 - PartMgr.sys
F76DF000 - VolSnap.sys
F762D000 - atapi.sys
F76EF000 - ultra.sys
F7617000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
F76FF000 - disk.sys
F770F000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F7605000 - sr.sys
F75E5000 - \WINDOWS\system32\drivers\FLTMGR.SYS
F75D1000 - KSecDD.sys
F754E000 - Ntfs.sys
F7526000 - NDIS.sys
F7AC3000 - RecAgent.sys
F750C000 - Mup.sys
F793F000 - agp440.sys
F78FF000 - \SystemRoot\system32\DRIVERS\AmdK8.sys
F52B2000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F790F000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F5298000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys
F7B7B000 - \SystemRoot\System32\DRIVERS\usbohci.sys
F5279000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F791F000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7B7F000 - \SystemRoot\system32\drivers\pfc.sys
F79EF000 - \SystemRoot\system32\drivers\ASAPIW2k.sys
F773F000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F774F000 - \SystemRoot\System32\DRIVERS\redbook.sys
F5258000 - \SystemRoot\System32\DRIVERS\ks.sys
F7BEF000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys
F5233000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F775F000 - \SystemRoot\System32\DRIVERS\serial.sys
F7B8B000 - \SystemRoot\System32\DRIVERS\serenum.sys
F79F7000 - \SystemRoot\System32\DRIVERS\fdc.sys
F776F000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F79FF000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7A07000 - \SystemRoot\system32\DRIVERS\point32.sys
F7A0F000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F521B000 - \SystemRoot\system32\drivers\DCxxMJPG.sys
F777F000 - \SystemRoot\System32\DRIVERS\Epfwndis.sys
F7DB5000 - \SystemRoot\System32\DRIVERS\audstub.sys
F778F000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7B93000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F5205000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F779F000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F77AF000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7B97000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F51F4000 - \SystemRoot\System32\DRIVERS\psched.sys
F77BF000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7A17000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7A1F000 - \SystemRoot\System32\DRIVERS\raspti.sys
F77CF000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7DBE000 - \SystemRoot\System32\DRIVERS\swenum.sys
F5132000 - \SystemRoot\System32\DRIVERS\update.sys
F77DF000 - \SystemRoot\system32\DRIVERS\AmdLLD.sys
F77EF000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F782F000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7BF1000 - \SystemRoot\System32\DRIVERS\USBD.SYS
ECFCA000 - \SystemRoot\system32\DRIVERS\SLDRV\slnt7554.sys
F54D8000 - \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
ECFA9000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
F7A27000 - \SystemRoot\System32\Drivers\Modem.SYS
F54D4000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F54D0000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F7A2F000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7BF5000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7CDA000 - \SystemRoot\System32\Drivers\Null.SYS
F7BF7000 - \SystemRoot\System32\Drivers\Beep.SYS
F7CDB000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7A3F000 - \SystemRoot\System32\drivers\vga.sys
F7BF9000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7BFB000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7A47000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7A4F000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7B47000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F785F000 - \SystemRoot\System32\DRIVERS\ipsec.sys
ECEFC000 - \SystemRoot\System32\DRIVERS\tcpip.sys
ECEEA000 - \SystemRoot\System32\DRIVERS\epfwtdi.sys
F786F000 - \SystemRoot\System32\DRIVERS\wanarp.sys
ECEC5000 - \SystemRoot\System32\DRIVERS\netbt.sys
ECEA5000 - \SystemRoot\System32\drivers\afd.sys
F787F000 - \SystemRoot\System32\DRIVERS\netbios.sys
F7A5F000 - \??\C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
ECDDD000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F7B6F000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys
ECD51000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F788F000 - \SystemRoot\System32\Drivers\Fips.SYS
F789F000 - \SystemRoot\System32\DRIVERS\easdrv.sys
F78CF000 - \SystemRoot\System32\Drivers\Cdfs.SYS
ECD3B000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7C13000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
ECF9D000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F7CE7000 - \SystemRoot\System32\drivers\dxgthk.sys
BF000000 - \SystemRoot\System32\ati2dvag.dll
BF045000 - \SystemRoot\System32\ati2cqag.dll
BF09A000 - \SystemRoot\System32\atikvmag.dll
BF0EA000 - \SystemRoot\System32\ati3duag.dll
BF39C000 - \SystemRoot\System32\ativvaxx.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B85E4000 - \SystemRoot\System32\DRIVERS\epfw.sys
F79D7000 - \SystemRoot\system32\DRIVERS\AegisP.sys
B85AC000 - \SystemRoot\system32\drivers\sysaudio.sys
B839D000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
B85C8000 - \SystemRoot\system32\DRIVERS\MaVc2K.sys
B8328000 - \SystemRoot\System32\DRIVERS\eamon.sys
B82AF000 - \SystemRoot\System32\DRIVERS\srv.sys
B7629000 - \SystemRoot\system32\DRIVERS\SLDRV\Mtlstrm.sys
B7610000 - \SystemRoot\system32\DRIVERS\SLDRV\Slnthal.sys
B74AC000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F7DAD000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 123
Liste des programmes installes
Συμβάσεις & Συμφωνητικά
Συμβάσεις & Συμφωνητικά
ACDSee 6.0 PowerPack
Adobe ActiveShare 1.3.1
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
ArcSoft PhotoStudio 5.5
ATI - Βοηθητικό πρόγραμμα απεγκατάστασης λογισμικού
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Autorun CD Studio 2.1
AutoStreamer
AutoUpdate
AVI/MPEG/RM/WMV Splitter 4.28
AVIcodec (remove only)
AVIVO Codecs
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
Bloqueur de fenetres pop-up (Windows Live Toolbar)
BufferChm
Caere Scan Manager 5.0
Canon CanoScan Toolbox 5.0
CanoScan 4400F
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CoffeeCup Flash Firestarter
CoffeeCup Flash Form Builder - Registered
CoffeeCup Flash Menu Builder
CoffeeCup Flash Password Wizard
CoffeeCup Flash Website Font
CoffeeCup Flash Website Font Pack
CoffeeCup Flash Website Search - Registered
CoffeeCup GIF Animator
CoffeeCup Google SiteMapper
CoffeeCup HTML Editor 2007
CoffeeCup Image Mapper
CoffeeCup Live Chat - Registered
CoffeeCup LockBox
CoffeeCup MP3 Rip & Burn
CoffeeCup Photo Gallery - Registered
CoffeeCup PixConverter
CoffeeCup RSS News Flash - Registered
CoffeeCup StyleSheet Maker
CoffeeCup Visual Site Designer
CoffeeCup Web Calendar
CoffeeCup Web JukeBox - Registered
CoffeeCup Web Video Player - Registered
CoffeeCup WebCam
CoffeeCup Website Color Schemer
Concord WinFax Plugin v3.0
CustomerResearchQFolder
CuteFTP
D4200
D4200_Help
Deluxe Menus
Detecteur de flux Windows Live Toolbar (Windows Live Toolbar)
DeviceManagementQFolder
Disc2Phone
DivX Content Uploader
DivX Web Player
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
DScaler 5 Mpeg Decoders
Dual-Core Optimizer
Easy GIF Animator 4.1
eMule
ESET Smart Security
eSupportQFolder
Extension de Windows Live Toolbar (Windows Live Toolbar)
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
HP Customer Participation Program 8.0
HP Deskjet 8.0 Software
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Detection
HP Share-to-Web
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
InterVideo WinDVD Creator 2
IZArc 3.81
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.6.5 Full
LightScribe 1.4.136.1
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
MarketResearch
Menus intelligents (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft PhotoDraw 2000
Microsoft Silverlight
Microsoft SQL Server Desktop Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mon Carnet d'Adresses
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.11)
Mozilla Thunderbird (2.0.0.9)
MSI Live Update 3
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NTI Backup NOW! 4
NTI Backup NOW! 4
NTI CD & DVD-Maker
NTI CD & DVD-Maker 7 Platinum
OneCare Advisor (Windows Live Toolbar)
Outlook Express Backup Genie v2.0
Panda ActiveScan
Pinnacle Hollywood FX 5
Pinnacle Studio DC10plus
Pixie registration fix
Presto! PageManager 7.15.14
Rapid PHP 2007 v8.2
Realtek High Definition Audio Driver
Recognita Plus 5.0
SAGEM F@st 1500
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB931784)
Sharp GX25 USB-Handset Manager
Skins
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
SmartUSB56 Voice Modem
SnatchIt! Video Screen Capture
SolutionCenter
Sony Ericsson PC Suite
Status
Studio 9
Studio 9.4 Patch
Symantec WinFax PRO
System Requirements Lab
ThumbsPlus version 7.0
Toolbox
TrayApp
Ulead GIF Animator 5
Uniblue RegistryBooster 2
Uniblue SpyEraser
UnloadSupport
VideoLAN VLC media player 0.8.6d
WebFldrs XP
WebReg
WeBuilder 2007 v8.0
Windows Desktop Search
Windows Desktop Search (KB926356-V2)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites pour Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
WinZip
XML Paper Specification Shared Components Pack 1.0
Volume in drive C is DRIVE_C
Volume Serial Number is 747A-C779
Directory of C:\Program Files
26/01/2008 11:12 <DIR> .
26/01/2008 11:12 <DIR> ..
15/06/2007 12:07 <DIR> ACD Systems
24/08/2007 08:45 <DIR> Adobe
03/01/2008 02:15 <DIR> AMD
27/09/2007 16:44 <DIR> ArcSoft
16/01/2008 12:30 <DIR> ATI Technologies
31/05/2007 10:40 <DIR> Autorun CD Studio
26/01/2008 11:13 <DIR> AutoStreamer
03/06/2007 10:44 <DIR> AVI MPEG RM WMV Splitter
03/06/2007 10:54 <DIR> AVIcodec
01/10/2007 10:41 <DIR> Canon
31/05/2007 19:45 <DIR> CD MEDIA
01/01/2008 20:20 <DIR> CoffeeCup Software
31/12/2007 14:52 <DIR> CoffeeCup SoftwareWebsiteFont
11/01/2008 11:33 <DIR> Common Files
29/05/2007 14:01 <DIR> ComPlus Applications
31/05/2007 19:46 <DIR> Contact
31/05/2007 16:50 <DIR> Corel
19/06/2007 13:00 <DIR> Deluxe Menus
11/01/2008 10:24 <DIR> DIFX
24/08/2007 08:46 <DIR> Disc2Phone
11/07/2007 16:54 <DIR> DivX
03/06/2007 11:15 <DIR> DScaler5
15/11/2007 18:08 <DIR> E9
30/11/2007 13:52 <DIR> Easy GIF Animator
25/01/2008 09:08 <DIR> ESET
04/11/2007 18:38 <DIR> FMY
27/09/2007 16:37 <DIR> Hewlett-Packard
01/10/2007 16:57 <DIR> HP
02/06/2007 13:02 <DIR> hp deskjet 840c series
29/05/2007 17:29 <DIR> Intel
25/01/2008 09:51 <DIR> Internet Explorer
01/06/2007 11:30 <DIR> InterVideo
21/01/2008 16:03 <DIR> IZArc
31/05/2007 10:50 <DIR> Jasc Software Inc
02/11/2007 11:43 <DIR> Java
17/01/2008 16:55 <DIR> K-Lite Codec Pack
19/01/2008 12:27 <DIR> KVS
13/12/2007 14:26 <DIR> KVS2007
31/05/2007 19:52 <DIR> LexFr
24/01/2008 19:53 <DIR> Messenger
30/05/2007 10:57 <DIR> Microsoft ActiveSync
14/06/2007 10:02 <DIR> Microsoft CAPICOM 2.1.0.2
29/05/2007 14:04 <DIR> microsoft frontpage
22/01/2008 15:08 <DIR> Microsoft IntelliPoint
31/05/2007 07:59 <DIR> Microsoft Office
22/01/2008 11:39 <DIR> Microsoft Silverlight
22/01/2008 16:19 <DIR> Microsoft SQL Server
30/05/2007 10:57 <DIR> Microsoft Visual Studio
09/06/2007 09:43 <DIR> Mobile Action
01/06/2007 12:14 <DIR> Mon Carnet d'Adresses
25/01/2008 09:52 <DIR> Movie Maker
18/10/2007 13:11 <DIR> Mozilla ActiveX Control v1.7.12
27/01/2008 09:45 <DIR> Mozilla Firefox
01/01/2008 18:27 <DIR> Mozilla Thunderbird
29/05/2007 21:53 <DIR> MSBuild
10/01/2008 10:49 <DIR> MSI
29/05/2007 14:00 <DIR> MSN
29/05/2007 14:00 <DIR> MSN Gaming Zone
22/01/2008 13:45 <DIR> MSN Messenger
01/06/2007 11:28 <DIR> MSXML 4.0
14/06/2007 09:30 <DIR> MSXML 6.0
25/01/2008 09:52 <DIR> NetMeeting
01/10/2007 18:21 <DIR> NewSoft
06/01/2008 09:58 <DIR> NewTech Infosystems
29/05/2007 14:02 <DIR> Online Services
25/01/2008 09:52 <DIR> Outlook Express
19/01/2008 22:23 <DIR> Panda Software
25/01/2008 20:51 <DIR> Passcape
24/01/2008 09:50 <DIR> Passware
26/10/2007 16:27 <DIR> pcmesh
07/11/2007 12:13 <DIR> PHP
10/01/2008 17:40 <DIR> Pinnacle
06/01/2008 10:15 <DIR> Pinnacle Systems
26/10/2007 11:20 <DIR> Rapid PHP 2007
03/01/2008 02:13 <DIR> Realtek
31/05/2007 07:50 <DIR> Recognita Plus 5.0
29/05/2007 21:46 <DIR> Reference Assemblies
16/01/2008 13:52 <DIR> SAGEM
27/09/2007 16:45 <DIR> ScanSoft
03/01/2008 11:50 <DIR> Setup Files
06/01/2008 09:53 <DIR> SmartSound Software
21/01/2008 19:31 <DIR> SnatchIt!
24/08/2007 08:36 <DIR> Sony Ericsson
20/01/2008 16:05 <DIR> Spyware Doctor
30/05/2007 11:25 <DIR> Symantec
15/06/2007 12:04 <DIR> Thumbs7
30/11/2007 14:15 <DIR> Ulead Systems
20/01/2008 16:30 <DIR> Uniblue
31/05/2007 13:49 <DIR> VideoLAN
26/10/2007 16:33 <DIR> WeBuilder 2007
22/01/2008 15:05 <DIR> Windows Desktop Search
22/01/2008 15:04 <DIR> Windows Live Favorites
22/01/2008 15:04 <DIR> Windows Live Toolbar
25/01/2008 20:31 <DIR> Windows Media Connect 2
25/01/2008 10:07 <DIR> Windows Media Player
25/01/2008 09:51 <DIR> Windows NT
22/01/2008 15:09 <DIR> WinFax
24/01/2008 10:01 <DIR> WinZip
17/01/2008 10:26 <DIR> Wise Registry Cleaner
29/05/2007 14:04 <DIR> xerox
0 File(s) 0 bytes
102 Dir(s) 112.367.886.336 bytes free
Volume in drive C is DRIVE_C
Volume Serial Number is 747A-C779
Directory of C:\Program Files\common files
11/01/2008 11:33 <DIR> .
11/01/2008 11:33 <DIR> ..
15/06/2007 12:07 <DIR> ACD Systems
10/01/2008 16:05 <DIR> Acronis
30/05/2007 11:09 <DIR> Adobe
03/01/2008 13:28 <DIR> ATI Technologies
31/05/2007 07:50 <DIR> Caere
27/09/2007 16:43 <DIR> CANON
31/05/2007 13:59 <DIR> Concord Shared
30/05/2007 10:57 <DIR> Designer
30/05/2007 11:09 <DIR> FotoNation
09/06/2007 09:29 <DIR> Hewlett-Packard
01/10/2007 16:58 <DIR> HP
01/06/2007 10:58 <DIR> InstallShield
31/05/2007 10:52 <DIR> Jasc Software Inc
04/06/2007 09:37 <DIR> Java
30/05/2007 10:55 <DIR> L&H
22/01/2008 15:10 <DIR> LightScribe
15/10/2007 10:53 <DIR> Microsoft Shared
29/05/2007 14:01 <DIR> MSSoap
08/06/2007 12:09 <DIR> muvee Technologies
08/06/2007 12:11 <DIR> NewTech Infosystems
31/05/2007 13:57 <DIR> Novell Shared
29/05/2007 16:49 <DIR> ODBC
19/01/2008 20:04 <DIR> Panda Software
01/10/2007 18:22 <DIR> PDFView
27/09/2007 16:46 <DIR> ScanSoft Shared
29/05/2007 14:01 <DIR> Services
29/05/2007 16:49 <DIR> SpeechEngines
01/06/2007 11:43 <DIR> SWF Studio
31/05/2007 14:00 <DIR> Symantec Shared
25/01/2008 09:52 <DIR> System
24/08/2007 08:37 <DIR> Teleca Shared
0 File(s) 0 bytes
33 Dir(s) 112.367.886.336 bytes free
c:\Documents and Settings\Admin\Local Settings\Temp\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Admin\Local Settings\Temp\Adobe Reader 8\Setup.exe
c:\Documents and Settings\Admin\Local Settings\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER.exe
c:\Documents and Settings\Admin\Local Settings\Temp\wz454b\RegSearch (Trial).exe
c:\Documents and Settings\Admin\Local Settings\Temp\wza26e\avenger.exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\C5QBG5IB\WindowsInstaller-KB893803-v2-x86[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\CLAZ016B\winzip111[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\EZCBM7YD\CDM_Enu_2_5_4_17[1].exe
c:\Documents and Settings\Admin\My Documents\RegRun2\Files\explorer.exe
c:\Documents and Settings\Admin\My Documents\RegRun2\Files\NTOSKRNL.EXE
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteFTP_CRK.exe
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\cutftp32.exe
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\stub.exe
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\unreg.exe
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\unwise32.exe
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteHTML\cutehtml.exe
c:\Documents and Settings\All Users\Application Data\eMule\config\libbz2.dll
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteLink.dll
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteSearch.dll
c:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\CuteShell.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Giorgio\Local Settings\Application Data\eMule\config\libbz2.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_BX-GEORGES.tar.gz a l'adresse http://upload.malekal.com
With NOD32 or manually, I delete:
srosa.sys
hldrrr.exe
autolncu.ref
wintms.exe
and in the registry: hldrrr, srosa, fisrtrrrun, datetime4, wintems
At each startup "dj_sf_software" is executed - it was repaired with SP1, so the update to SP2 has to be run.