Espace Micro

Bonjour, Désolé pour hier soir !! Mais j'ai du partir. J'ai suivi tes instructions et voilà le rapport que j'ai obtenu : ComboFix 09-06-17.04 - DG 19/06/2009 9:09.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1918.1570 [GMT 2:00] Lancé depuis: c:\documents and settings\DG\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\DG\Bureau\CFScript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: "c:\documents and settings\DG\Menu Démarrer\Programmes\Démarrage\rncsys32.exe" "c:\windows\pss\rncsys32.exe" "c:\windows\system32\drivers\amd64si.sys" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\DG\Application Data\wiaserva.log c:\documents and settings\DG\Menu Démarrer\Programmes\Démarrage\rncsys32.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AMD64SI -------\Service_amd64si ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-19 au 2009-06-19 )))))))))))))))))))))))))))))))))))) . 2009-06-17 13:54 . 2009-06-17 14:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-17 13:53 . 2009-06-17 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-06-16 15:15 . 2009-06-16 15:39 -------- d-----w- c:\windows\BDOSCAN8 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-17 15:01 . 2004-08-05 12:00 73236 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-17 15:01 . 2004-08-05 12:00 462954 ----a-w- c:\windows\system32\perfh00C.dat 2009-06-17 13:53 . 2006-06-14 15:45 -------- d-----w- c:\program files\Google 2009-05-14 07:39 . 2009-05-14 07:39 -------- d-----w- c:\documents and settings\DG\Application Data\TeamViewer 2009-05-07 10:43 . 2007-08-09 12:38 -------- d-----w- c:\program files\Java 2009-05-07 10:43 . 2009-05-07 10:43 152576 ----a-w- c:\documents and settings\DG\Application Data\Sun\Java\jre1.6.0_13\lzma.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-18_15.13.54 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-19 07:11 . 2009-06-19 07:11 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DkAutoReg.exe"="c:\program files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe" [2002-07-24 241664] "DkStartup"="c:\program files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe" [2002-07-24 217088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^microsoft office.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\MsgSys.EXE"= R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [01/03/2006 11:27 11464] R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [01/03/2006 11:27 17928] S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [01/03/2006 11:27 18536] . Contenu du dossier 'Tâches planifiées' 2009-06-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 13:53] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TCP: {8125C0D6-DC45-4EEC-80D7-A5466789B6DA} = 192.168.200.1 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-19 09:11 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(852) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1164) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe c:\windows\system32\ati2evxx.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\windows\system32\dklog.exe c:\windows\system32\cba\pds.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\scardsvr.exe c:\windows\system32\AMS_II\IAO.EXE c:\windows\system32\MSGSYS.EXE c:\windows\system32\cba\XFR.EXE c:\windows\system32\dkcktkn.exe c:\windows\system32\AMS_II\HNDLRSVC.EXE c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2009-06-19 9:13 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-19 07:13 Avant-CF: 233 955 061 760 octets libres Après-CF: 233 940 500 480 octets libres 124 Je te remercie de la patiente que tu m'accordes =) !

D'accord =) Alors voilà le rapport Catchme catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-18 13:52:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden files ... scan completed successfully hidden files: 0 Et ensuite le rapport Combofix ComboFix 09-06-17.04 - DG 18/06/2009 17:10.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1918.1559 [GMT 2:00] Lancé depuis: c:\documents and settings\DG\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\SAV c:\windows\system32\drivers\ce7a2c4e.sys c:\documents and settings\DG\Application Data\wiaserva.log c:\documents and settings\DG\DG.exe c:\program files\SAV\AMS2\Winnt\12520437.CP_ c:\program files\SAV\AMS2\Winnt\12520850.CP_ c:\program files\SAV\AMS2\Winnt\AMS.DL_ c:\program files\SAV\AMS2\Winnt\AMS2.CA_ c:\program files\SAV\AMS2\Winnt\AMS2.CFG c:\program files\SAV\AMS2\Winnt\ams2inst.dll c:\program files\SAV\AMS2\Winnt\AMSDB.MD_ c:\program files\SAV\AMS2\Winnt\AMSLIB.DL_ c:\program files\SAV\AMS2\Winnt\AMSLIB.PD_ c:\program files\SAV\AMS2\Winnt\AMSUI.DL_ c:\program files\SAV\AMS2\Winnt\BCSTHCFG.DL_ c:\program files\SAV\AMS2\Winnt\BCSTHNDL.DL_ c:\program files\SAV\AMS2\Winnt\CACONFIG.EX_ c:\program files\SAV\AMS2\Winnt\CADB.DL_ c:\program files\SAV\AMS2\Winnt\CASVC.EX_ c:\program files\SAV\AMS2\Winnt\CASVC.MD_ c:\program files\SAV\AMS2\Winnt\CAUninst.dll c:\program files\SAV\AMS2\Winnt\CBA.CA_ c:\program files\SAV\AMS2\Winnt\CBA.DL_ c:\program files\SAV\AMS2\Winnt\CBACHAT.EX_ c:\program files\SAV\AMS2\Winnt\CBADB.MD_ c:\program files\SAV\AMS2\Winnt\CBATL.MD_ c:\program files\SAV\AMS2\Winnt\CBAXFR.DL_ c:\program files\SAV\AMS2\Winnt\CLUTIL_S.DL_ c:\program files\SAV\AMS2\Winnt\CSL.DL_ c:\program files\SAV\AMS2\Winnt\CSSM32S.DL_ c:\program files\SAV\AMS2\Winnt\CSSM32S.SI_ c:\program files\SAV\AMS2\Winnt\CSSMS_IN.DL_ c:\program files\SAV\AMS2\Winnt\CTL3D32.DL_ c:\program files\SAV\AMS2\Winnt\DS16GT.DL_ c:\program files\SAV\AMS2\Winnt\DS32GT.DL_ c:\program files\SAV\AMS2\Winnt\ENUAMS.LR_ c:\program files\SAV\AMS2\Winnt\ENUAMS2.CN_ c:\program files\SAV\AMS2\Winnt\ENUAMS2.HL_ c:\program files\SAV\AMS2\Winnt\ENUAMSUI.LR_ c:\program files\SAV\AMS2\Winnt\ENUCACRC.LR_ c:\program files\SAV\AMS2\Winnt\ENUCAIN.DL_ c:\program files\SAV\AMS2\Winnt\ENUCAMGR.CN_ c:\program files\SAV\AMS2\Winnt\ENUCAMGR.HL_ c:\program files\SAV\AMS2\Winnt\ENUCASRC.LR_ c:\program files\SAV\AMS2\Winnt\enuinst.dll c:\program files\SAV\AMS2\Winnt\ENUPDSRC.LR_ c:\program files\SAV\AMS2\Winnt\ENUSAT.CN_ c:\program files\SAV\AMS2\Winnt\ENUSAT.HL_ c:\program files\SAV\AMS2\Winnt\ENUSAT.LR_ c:\program files\SAV\AMS2\Winnt\ENUXFRRC.LR_ c:\program files\SAV\AMS2\Winnt\FRAAMS.LR_ c:\program files\SAV\AMS2\Winnt\FRAAMS2.CN_ c:\program files\SAV\AMS2\Winnt\FRAAMS2.HL_ c:\program files\SAV\AMS2\Winnt\FRAAMSUI.LR_ c:\program files\SAV\AMS2\Winnt\FRACACRC.LR_ c:\program files\SAV\AMS2\Winnt\FRACAIN.DL_ c:\program files\SAV\AMS2\Winnt\FRACAMGR.CN_ c:\program files\SAV\AMS2\Winnt\FRACAMGR.HL_ c:\program files\SAV\AMS2\Winnt\FRACASRC.LR_ c:\program files\SAV\AMS2\Winnt\frainst.dll c:\program files\SAV\AMS2\Winnt\FRAPDSRC.LR_ c:\program files\SAV\AMS2\Winnt\FRASAT.CN_ c:\program files\SAV\AMS2\Winnt\FRASAT.HL_ c:\program files\SAV\AMS2\Winnt\FRASAT.LR_ c:\program files\SAV\AMS2\Winnt\FRAXFRRC.LR_ c:\program files\SAV\AMS2\Winnt\HNDLRSVC.EX_ c:\program files\SAV\AMS2\Winnt\IAO.EX_ c:\program files\SAV\AMS2\Winnt\INDSM_S.DL_ c:\program files\SAV\AMS2\Winnt\InstallAMS.dll c:\program files\SAV\AMS2\Winnt\ITMLHCFG.DL_ c:\program files\SAV\AMS2\Winnt\ITMLHNDL.DL_ c:\program files\SAV\AMS2\Winnt\IX509CLS.DL_ c:\program files\SAV\AMS2\Winnt\LOC32VC0.DL_ c:\program files\SAV\AMS2\Winnt\loc32vc0.dll c:\program files\SAV\AMS2\Winnt\MFC42.DL_ c:\program files\SAV\AMS2\Winnt\MFC42ENU.DL_ c:\program files\SAV\AMS2\Winnt\MFC42FRA.DL_ c:\program files\SAV\AMS2\Winnt\MSBXHCFG.DL_ c:\program files\SAV\AMS2\Winnt\MSBXHNDL.DL_ c:\program files\SAV\AMS2\Winnt\MSCPXL32.DL_ c:\program files\SAV\AMS2\Winnt\MSGSYS.DL_ c:\program files\SAV\AMS2\Winnt\MSGSYS.EX_ c:\program files\SAV\AMS2\Winnt\MSJET35.DL_ c:\program files\SAV\AMS2\Winnt\MSJET40.DL_ c:\program files\SAV\AMS2\Winnt\MSJINT40.DL_ c:\program files\SAV\AMS2\Winnt\MSJTER40.DL_ c:\program files\SAV\AMS2\Winnt\MSLTUS40.DL_ c:\program files\SAV\AMS2\Winnt\MSRD2X40.DL_ c:\program files\SAV\AMS2\Winnt\MSVCIRT.DL_ c:\program files\SAV\AMS2\Winnt\MSVCRT.DL_ c:\program files\SAV\AMS2\Winnt\MSVCRT20.DL_ c:\program files\SAV\AMS2\Winnt\MSVCRT40.DL_ c:\program files\SAV\AMS2\Winnt\msvcrt40.dll c:\program files\SAV\AMS2\Winnt\MTXDM.DL_ c:\program files\SAV\AMS2\Winnt\NLMXHCFG.DL_ c:\program files\SAV\AMS2\Winnt\NTELHCFG.DL_ c:\program files\SAV\AMS2\Winnt\NTELHNDL.DL_ c:\program files\SAV\AMS2\Winnt\NTS.DL_ c:\program files\SAV\AMS2\Winnt\NTSU2T.DL_ c:\program files\SAV\AMS2\Winnt\ODBC16GT.DL_ c:\program files\SAV\AMS2\Winnt\ODBC32.DL_ c:\program files\SAV\AMS2\Winnt\ODBC32GT.DL_ c:\program files\SAV\AMS2\Winnt\ODBCAD32.EX_ c:\program files\SAV\AMS2\Winnt\ODBCCP32.CP_ c:\program files\SAV\AMS2\Winnt\ODBCCP32.DL_ c:\program files\SAV\AMS2\Winnt\ODBCCR32.DL_ c:\program files\SAV\AMS2\Winnt\ODBCINST.CN_ c:\program files\SAV\AMS2\Winnt\ODBCINST.HL_ c:\program files\SAV\AMS2\Winnt\ODBCINT.DL_ c:\program files\SAV\AMS2\Winnt\ODBCJET.CN_ c:\program files\SAV\AMS2\Winnt\ODBCJET.HL_ c:\program files\SAV\AMS2\Winnt\ODBCJI32.DL_ c:\program files\SAV\AMS2\Winnt\ODBCJT32.DL_ c:\program files\SAV\AMS2\Winnt\ODBCTL32.DL_ c:\program files\SAV\AMS2\Winnt\ODBCTRAC.DL_ c:\program files\SAV\AMS2\Winnt\ORIGREG.DL_ c:\program files\SAV\AMS2\Winnt\ORIGREG.PD_ c:\program files\SAV\AMS2\Winnt\PAGEHCFG.DL_ c:\program files\SAV\AMS2\Winnt\PAGEHNDL.DL_ c:\program files\SAV\AMS2\Winnt\PDS.DL_ c:\program files\SAV\AMS2\Winnt\PDS.EX_ c:\program files\SAV\AMS2\Winnt\PRGXHCFG.DL_ c:\program files\SAV\AMS2\Winnt\PRGXHNDL.DL_ c:\program files\SAV\AMS2\Winnt\SNMPAT.EX_ c:\program files\SAV\AMS2\Winnt\SNMPAT.LD_ c:\program files\SAV\AMS2\Winnt\SNMPHCFG.DL_ c:\program files\SAV\AMS2\Winnt\SNMPHNDL.DL_ c:\program files\SAV\AMS2\Winnt\VBAJET32.DL_ c:\program files\SAV\AMS2\Winnt\VBAR332.DL_ c:\program files\SAV\AMS2\Winnt\XFR.EX_ c:\program files\SAV\AMSAdmin.exe c:\program files\SAV\amscust.dll c:\program files\SAV\GRCGRP.DAT c:\program files\SAV\Langs\Enu\AMS2NT\FRAAMS2.HL_ c:\program files\SAV\SAVSetup\0x040c.ini c:\program files\SAV\SAVSetup\AMS2\0x040c.ini c:\program files\SAV\SAVSetup\AMS2\AMS.msi c:\program files\SAV\SAVSetup\AMS2\amsover.dat c:\program files\SAV\SAVSetup\AMS2\AMSREMOTE.DAT c:\program files\SAV\SAVSetup\AMS2\amsremote.exe c:\program files\SAV\SAVSetup\AMS2\instmsiw.exe c:\program files\SAV\SAVSetup\AMS2\Setup.exe c:\program files\SAV\SAVSetup\AMS2\Setup.ini c:\program files\SAV\SAVSetup\AMS2\Setup.iss c:\program files\SAV\SAVSetup\cpolicy.xml c:\program files\SAV\SAVSetup\instmsiw.exe c:\program files\SAV\SAVSetup\instopts.dat c:\program files\SAV\SAVSetup\SETTINGS.INI c:\program files\SAV\SAVSetup\Setup.exe c:\program files\SAV\SAVSetup\Setup.ini c:\program files\SAV\SAVSetup\Symantec Client Security.msi c:\program files\SAV\SAVSetup\vpremote.dat c:\program files\SAV\SAVSetup\VPREMOTE.exe c:\program files\SAV\VD218E12.vdb c:\program files\SAV\VD219C23.vdb c:\program files\SAV\VD21AA18.vdb c:\program files\SAV\VD21B814.vdb c:\program files\SAV\VD21B814.XDB c:\windows\system32\drivers\netsik.sys c:\windows\system32\E95THK16.EXE c:\windows\system32\encapi32.dll c:\windows\system32\mdm.exe c:\windows\zaponce52689.dat . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ACPI32 -------\Legacy_ATI64SI -------\Legacy_FIPS32CUP -------\Legacy_I386SI -------\Legacy_KSI32SK -------\Legacy_NETSIK -------\Legacy_NICSK32 -------\Legacy_PORT135SIK -------\Legacy_SECURENTM -------\Legacy_SYSTEMNTMI -------\Legacy_WS2_32SIK -------\Service_acpi32 -------\Service_ati64si -------\Service_ce7a2c4e -------\Service_fips32cup -------\Service_i386si -------\Service_ksi32sk -------\Service_netsik -------\Service_nicsk32 -------\Service_poof -------\Service_port135sik -------\Service_securentm -------\Service_systemntmi -------\Service_ws2_32sik ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-18 au 2009-06-18 )))))))))))))))))))))))))))))))))))) . 2009-06-17 13:54 . 2009-06-17 14:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-17 13:53 . 2009-06-17 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-06-16 15:15 . 2009-06-16 15:39 -------- d-----w- c:\windows\BDOSCAN8 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-17 15:01 . 2004-08-05 12:00 73236 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-17 15:01 . 2004-08-05 12:00 462954 ----a-w- c:\windows\system32\perfh00C.dat 2009-06-17 13:53 . 2006-06-14 15:45 -------- d-----w- c:\program files\Google 2009-05-14 07:39 . 2009-05-14 07:39 -------- d-----w- c:\documents and settings\DG\Application Data\TeamViewer 2009-05-07 10:43 . 2007-08-09 12:38 -------- d-----w- c:\program files\Java 2009-05-07 10:43 . 2009-05-07 10:43 152576 ----a-w- c:\documents and settings\DG\Application Data\Sun\Java\jre1.6.0_13\lzma.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DkAutoReg.exe"="c:\program files\Rainbow Technologies\iKey 2000 Series Software\DkAutoReg.exe" [2002-07-24 241664] "DkStartup"="c:\program files\Rainbow Technologies\iKey 2000 Series Software\DkStartup.exe" [2002-07-24 217088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] c:\documents and settings\DG\Menu D‚marrer\Programmes\D‚marrage\ rncsys32.exe [2004-8-5 20480] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [HKLM\~\startupfolder\c:^documents and settings^all users^menu démarrer^programmes^démarrage^microsoft office.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\c:^documents and settings^dg^menu démarrer^programmes^démarrage^rncsys32.exe] path=c:\documents and settings\DG\Menu Démarrer\Programmes\Démarrage\rncsys32.exe backup=c:\windows\pss\rncsys32.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\MsgSys.EXE"= R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [01/03/2006 11:27 11464] R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [01/03/2006 11:27 17928] S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?] S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [01/03/2006 11:27 18536] . Contenu du dossier 'Tâches planifiées' 2009-06-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 13:53] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TCP: {8125C0D6-DC45-4EEC-80D7-A5466789B6DA} = 192.168.200.1 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-18 17:13 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(848) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(604) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe c:\windows\system32\ati2evxx.exe c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe c:\windows\system32\dklog.exe c:\windows\system32\cba\pds.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\scardsvr.exe c:\windows\system32\AMS_II\IAO.EXE c:\windows\system32\MSGSYS.EXE c:\windows\system32\cba\XFR.EXE c:\windows\system32\dkcktkn.exe c:\windows\system32\AMS_II\HNDLRSVC.EXE c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-06-18 17:14 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-18 15:14 Avant-CF: 234 060 759 040 octets libres Après-CF: 233 944 866 816 octets libres 309 Merci beaucoup !

Bon j'ai le rapport catchme mais pas le rapport de combofix car il faut une connexion internet et je ne travaille pas sur le même poste, et il y a des problèmes de réseaux en ce moment, ça serait possible de reporter ça à demain ? Je te remercie d'avance =)

Merci beaucoup pour cette rapide réponse ! Je vais éssayé ça tout de suite =)

Bonjour, Je suis technicien dans une société espace micro et j'aurais besoin de votre aide. En effet certains rootkit me posent problème et j'ai vu que vous saviez interpreter les rapports d'erreurs. J'ai fais un scan avec DiagHelp, j'ai eu les résultats et je vais donc les poster. Je vous serez très reconnaissant de m'aidé. Merci =) DiagHelp version v1.4 - http://www.malekal.com excute le 18/06/2009 à 13:25:16.56 System information for \\PC-DG: Uptime: Error reading uptime Kernel version: Microsoft Windows XP, Multiprocessor Free Product type: Professional Product version: 5.1 Service pack: 2 Kernel build number: 2600 Registered organization: Registered owner: miroiterie Install date: 15/12/2005, 16:55:21 Activation status: Error reading status IE version: 6.0000 System root: C:\WINDOWS Processors: 2 Processor speed: 2.3 GHz Processor type: Dual-Core AMD Opteron Processor 1216 Physical memory: 1918 MB Video driver: ATI RADEON XPRESS 200 Series Volume Type Format Label Size Free Free C: Fixed NTFS 232.88 GB 218.06 GB 93.6% D: CD-ROM 0.0% E: Removable 0.0% F: Removable 0.0% G: Removable 0.0% H: Removable 0.0% I: Removable FAT32 KINGSTON 7.46 GB 5.18 GB 69.4% P: Remote 0.0% X: Remote 0.0% Y: Remote 0.0% Z: Remote 0.0% C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->18/06/2009 14:50:31 C:\WINDOWS\prefetch\WPABALN.EXE-18F87702.pf -->18/06/2009 14:22:25 C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf -->18/06/2009 13:46:19 C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->18/06/2009 13:23:50 C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf -->18/06/2009 12:55:09 C:\WINDOWS\prefetch\MMC.EXE-0F8A2282.pf -->18/06/2009 12:38:32 C:\WINDOWS\prefetch\RUNDLL32.EXE-3A7E373A.pf -->18/06/2009 12:38:26 C:\WINDOWS\prefetch\MMC.EXE-040E5BFE.pf -->18/06/2009 12:28:25 C:\WINDOWS\prefetch\RUNDLL32.EXE-27E8E3FB.pf -->18/06/2009 12:28:15 C:\WINDOWS\prefetch\RUNDLL32.EXE-2770CEE7.pf -->18/06/2009 11:54:38 C:\WINDOWS\System32\drivers\netsik.sys -->18/06/2009 14:51:50 C:\WINDOWS\System32\drivers\ce7a2c4e.sys -->18/06/2009 13:25:30 C:\WINDOWS\System32\drivers\timntr.sys -->09/01/2009 16:43:38 C:\WINDOWS\System32\drivers\tifsfilt.sys -->09/01/2009 16:43:38 C:\WINDOWS\System32\drivers\snapman.sys -->09/01/2009 16:43:38 C:\WINDOWS\System32\drivers\b57xp32.sys -->25/07/2008 02:18:32 C:\WINDOWS\System32\drivers\baspxp32.sys -->06/06/2008 10:15:40 C:\WINDOWS\System32\wpa.dbl -->18/06/2009 12:36:28 C:\WINDOWS\System32\PerfStringBackup.INI -->17/06/2009 17:01:32 C:\WINDOWS\System32\perfh00C.dat -->17/06/2009 17:01:32 C:\WINDOWS\System32\perfh009.dat -->17/06/2009 17:01:32 C:\WINDOWS\System32\perfc00C.dat -->17/06/2009 17:01:32 C:\WINDOWS\System32\perfc009.dat -->17/06/2009 17:01:32 C:\WINDOWS\System32\jupdate-1.6.0_13-b03.log -->07/05/2009 12:43:53 C:\WINDOWS\System32\spupdsvc.inf -->17/03/2009 15:46:29 C:\WINDOWS\System32\javaws.exe -->09/03/2009 05:19:13 C:\WINDOWS\System32\javaw.exe -->09/03/2009 05:19:13 C:\WINDOWS\System32\java.exe -->09/03/2009 05:19:11 C:\WINDOWS\System32\deploytk.dll -->09/03/2009 05:19:08 C:\WINDOWS\System32\javacpl.cpl -->09/03/2009 02:53:21 C:\WINDOWS\System32\temp.000 -->06/03/2009 15:44:24 C:\WINDOWS\System32\wpa.bak -->11/02/2009 10:52:15 C:\WINDOWS\System32\MRT.exe -->03/02/2009 16:21:14 C:\WINDOWS\System32\snapapi.dll -->09/01/2009 16:43:38 C:\WINDOWS\System32\setupnt.dll -->09/01/2009 16:43:38 C:\WINDOWS\System32\ieudinit.exe -->19/12/2008 11:10:15 C:\WINDOWS\System32\81002661.dk2 -->27/11/2008 11:24:14 C:\WINDOWS\System32\81002661.dk1 -->27/11/2008 11:21:22 C:\WINDOWS\System32\BSelList.dll -->18/07/2008 17:46:54 C:\WINDOWS\System32\Baspi32i.exe -->18/07/2008 17:46:38 C:\WINDOWS\System32\BACSCPL.cpl -->18/07/2008 17:46:18 C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->15/07/2008 13:19:08 C:\WINDOWS\setupapi.log -->18/06/2009 12:38:12 C:\WINDOWS\0.log -->18/06/2009 12:36:29 C:\WINDOWS\bootstat.dat -->18/06/2009 12:35:55 C:\WINDOWS\SchedLgU.Txt -->18/06/2009 12:17:12 C:\WINDOWS\WindowsUpdate.log -->18/06/2009 12:17:10 C:\WINDOWS\setupact.log -->18/06/2009 12:05:24 C:\WINDOWS\OEWABLog.txt -->18/06/2009 10:40:30 C:\WINDOWS\wmsetup.log -->18/06/2009 10:40:29 C:\WINDOWS\setuplog.txt -->18/06/2009 10:40:18 C:\WINDOWS\tsoc.log -->18/06/2009 10:39:00 C:\WINDOWS\tabletoc.log -->18/06/2009 10:39:00 C:\WINDOWS\ocmsn.log -->18/06/2009 10:39:00 C:\WINDOWS\ntdtcsetup.log -->18/06/2009 10:39:00 C:\WINDOWS\imsins.log -->18/06/2009 10:39:00 C:\WINDOWS\iis6.log -->18/06/2009 10:39:00 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\WINDOWS 11/02/2009 11:20 <REP> $hf_mig$ 21/12/2006 16:51 <REP> $MSI31Uninstall_KB893803v2$ 11/02/2009 11:18 <REP> $NtServicePackUninstallIDNMitigationAPIs$ 11/02/2009 11:17 <REP> $NtServicePackUninstallNLSDownlevelMapping$ 20/12/2005 17:55 <REP> $NtUninstallKB888111WXPSP2$ 21/12/2006 16:52 <REP> $NtUninstallKB898461$ 11/02/2009 11:05 <REP> $NtUninstallKB904942$ 11/02/2009 11:05 <REP> $NtUninstallKB914440$ 11/02/2009 11:17 <REP> $NtUninstallKB915865$ 10/01/2008 15:35 <REP> $NtUninstallKB926239$ 10/01/2008 15:34 <REP> $NtUninstallMSCompPackV1$ 10/01/2008 15:33 <REP> $NtUninstallWMFDist11$ 10/01/2008 15:34 <REP> $NtUninstallwmp11$ 10/01/2008 15:33 <REP> $NtUninstallWudf01000$ 18/06/2009 14:44 <REP> CSC 16/06/2009 17:15 <REP> inf 18/06/2009 13:21 <REP> Installer 11/02/2009 11:20 <REP> msdownld.tmp 05/08/2004 14:00 49 102 winnt.bmp 05/08/2004 14:00 49 102 winnt256.bmp 16/06/2009 15:30 2 zaponce52689.dat 4 fichier(s) 98 955 octets 18 Rép(s) 234 141 454 336 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\WINDOWS\system32 18/06/2009 12:36 <REP> dllcache 13/08/2004 12:08 28 729 ENUAMS.LRC 13/08/2004 12:09 184 320 ENUAMSUI.LRC 13/08/2004 12:44 28 729 FRAAMS.LRC 13/08/2004 12:44 192 512 FRAAMSUI.LRC 11 fichier(s) 439 011 octets 1 Rép(s) 234 141 454 336 octets libres winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed userinit.exe kernel32.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 2832 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x10000000 0x5b000 9.01.0000.0163 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x02350000 0x4c000 9.01.0000.0163 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x023a0000 0xab000 2.00.0000.0000 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 0x01680000 0x3000 6.14.0010.2001 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamFRA.dll 0x01450000 0x2c000 C:\Program Files\WinRAR\rarext.dll 0x00cb0000 0xa000 8.00.0000.9374 C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll 0x00cc0000 0x19000 1.00.0201.0000 C:\WINDOWS\system32\CmdLineExt.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Outlook\OFFICE11\msohev.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 848 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x10000000 0x20000 6.14.0010.4176 C:\WINDOWS\system32\Ati2evxx.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x51690000 0xc000 C:\WINDOWS\system32\NavLogon.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\WINDOWS\temp 17/06/2009 09:07 205 762 wpv861243627542.exe 1 fichier(s) 205 762 octets 0 Rép(s) 234 141 450 240 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\WINDOWS\Downloaded Program Files 16/06/2009 17:15 <REP> . 16/06/2009 17:15 <REP> .. 07/12/2004 17:07 32 bdcore.dll 25/05/2006 01:21 118 784 bdupd.dll 15/12/2005 16:51 65 desktop.ini 02/03/2006 15:40 1 271 erma.inf 25/05/2006 01:21 53 248 ipsupd.dll 12/07/2007 04:22 1 055 jinstall-6u2.inf 16/03/2005 12:34 7 407 lang.ini 15/05/2006 18:48 367 LegitCheckControl.inf 07/12/2004 17:07 32 libfn.dll 13/02/2008 17:55 130 live.ini 13/06/2006 10:20 280 896 nshelp.dll 29/10/2007 16:45 1 244 oscan8.inf 25/10/2007 16:54 471 040 oscan8.ocx 03/06/2002 17:53 144 QTPlugin.inf 14/03/2005 14:58 7 073 scanoptions.tsi 02/12/2005 11:55 5 101 swflash.inf 26/05/2005 04:19 291 wuweb.inf 17 fichier(s) 948 180 octets Total des fichiers listés : 17 fichier(s) 948 180 octets 2 Rép(s) 234 141 450 240 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\system32\\MsgSys.EXE"="C:\\WINDOWS\\system32\\MsgSys.EXE:*:Enabled:ENABLE" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:ENABLE" "C:\\WINDOWS\\system32\\MsgSys.EXE"="C:\\WINDOWS\\system32\\MsgSys.EXE:*:Enabled:ENABLE" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-18 13:25:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ce7a2c4e] "ImagePath"="\SystemRoot\System32\drivers\ce7a2c4e.sys" "Type"=dword:00000001 "Start"=dword:00000001 "ErrorControl"=dword:00000001 "F96ZK6nPB"="MmF1Y3Rpb25ydS51cw==" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ce7a2c4e] "ImagePath"="\SystemRoot\System32\drivers\ce7a2c4e.sys" "Type"=dword:00000001 "Start"=dword:00000001 "ErrorControl"=dword:00000001 "F96ZK6nPB"="MmF1Y3Rpb25ydS51cw==" scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21] "DisplayName"="\x66e0\x230\x66e0\x230\1" "DeviceDesc"="\x66e0\x230\x66e0\x230\1" "ProviderName"="\xfed4\21\xee18\x7c91\xff44\21\b" "MFG"="\x5bc" "ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF" "DeviceInstanceIds"=str(7):"d:\software\drivers\chipset_inf\sbdrv\sbdrv\smbus\smbusati.inf" scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 228 - scardsvr.exe 324 - IAO.EXE 332 - MSGSYS.EXE 528 - XFR.EXE 600 - dkcktkn.exe 816 - csrss.exe 848 - winlogon.exe 892 - services.exe 904 - lsass.exe 1032 - ati2evxx.exe 1092 - svchost.exe 1168 - svchost.exe 1212 - svchost.exe 1264 - svchost.exe 1352 - svchost.exe 1388 - svchost.exe 1512 - spoolsv.exe 1580 - HNDLRSVC.EXE 1616 - schedul2.exe 1648 - ati2evxx.exe 1700 - DefWatch.exe 1728 - dklog.exe 1808 - pds.exe 1852 - jqs.exe 2292 - alg.exe 2368 - wmiapsrv.exe 2832 - explorer.exe 2976 - dkAutoReg.exe 3060 - cmd.exe 3100 - GoogleToolbarNo 3568 - svchost.exe 3956 - msiexec.exe Total number of processes = 33 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll BA5A8000 - \WINDOWS\system32\KDCOM.DLL BA4B8000 - \WINDOWS\system32\BOOTVID.dll B9F78000 - ACPI.sys BA5AA000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS B9F67000 - pci.sys BA0A8000 - isapnp.sys BA670000 - pciide.sys BA328000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS BA0B8000 - MountMgr.sys B9F48000 - ftdisk.sys BA5AC000 - dmload.sys B9F22000 - dmio.sys BA330000 - PartMgr.sys BA0C8000 - VolSnap.sys B9F0A000 - atapi.sys BA0D8000 - disk.sys BA0E8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS B9EEB000 - fltMgr.sys B9ED9000 - sr.sys B9EC2000 - KSecDD.sys B9EAF000 - WudfPf.sys B9E22000 - Ntfs.sys B9DF5000 - NDIS.sys B9DC0000 - timntr.sys B9DAB000 - snapman.sys B9D90000 - Mup.sys B9918000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys B9904000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS B98D5000 - \SystemRoot\system32\DRIVERS\b57xp32.sys BA108000 - \SystemRoot\system32\DRIVERS\imapi.sys BA118000 - \SystemRoot\system32\DRIVERS\cdrom.sys BA128000 - \SystemRoot\system32\DRIVERS\redbook.sys B98B2000 - \SystemRoot\system32\DRIVERS\ks.sys BA380000 - \SystemRoot\system32\DRIVERS\usbohci.sys B988F000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS BA388000 - \SystemRoot\system32\DRIVERS\usbehci.sys B986A000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys B9859000 - \SystemRoot\system32\DRIVERS\serial.sys BA578000 - \SystemRoot\system32\DRIVERS\serenum.sys BA398000 - \SystemRoot\system32\DRIVERS\fdc.sys BA138000 - \SystemRoot\system32\DRIVERS\AmdK8.sys BA580000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys BA727000 - \SystemRoot\system32\DRIVERS\audstub.sys BA148000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys BA588000 - \SystemRoot\system32\DRIVERS\ndistapi.sys B9842000 - \SystemRoot\system32\DRIVERS\ndiswan.sys BA158000 - \SystemRoot\system32\DRIVERS\raspppoe.sys BA168000 - \SystemRoot\system32\DRIVERS\raspptp.sys BA3B8000 - \SystemRoot\system32\DRIVERS\TDI.SYS B9831000 - \SystemRoot\system32\DRIVERS\psched.sys BA178000 - \SystemRoot\system32\DRIVERS\msgpc.sys BA3C8000 - \SystemRoot\system32\DRIVERS\ptilink.sys BA3D8000 - \SystemRoot\system32\DRIVERS\raspti.sys B9800000 - \SystemRoot\system32\DRIVERS\rdpdr.sys BA188000 - \SystemRoot\system32\DRIVERS\termdd.sys BA3E8000 - \SystemRoot\system32\DRIVERS\kbdclass.sys BA3F8000 - \SystemRoot\system32\DRIVERS\mouclass.sys BA5B0000 - \SystemRoot\system32\DRIVERS\ikeyenum.sys BA5B4000 - \SystemRoot\system32\DRIVERS\swenum.sys B97A4000 - \SystemRoot\system32\DRIVERS\update.sys B9D64000 - \SystemRoot\system32\DRIVERS\mssmbios.sys BA1B8000 - \SystemRoot\System32\Drivers\NDProxy.SYS B9D40000 - \SystemRoot\system32\DRIVERS\ikeyifd.sys B9D38000 - \SystemRoot\system32\DRIVERS\SMCLIB.SYS BA1D8000 - \SystemRoot\system32\DRIVERS\usbhub.sys BA5BA000 - \SystemRoot\system32\DRIVERS\USBD.SYS B1133000 - \SystemRoot\system32\drivers\RtkHDAud.sys B1111000 - \SystemRoot\system32\drivers\portcls.sys BA1F8000 - \SystemRoot\system32\drivers\drmk.sys BA5C2000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BA776000 - \SystemRoot\System32\Drivers\Null.SYS BA5C6000 - \SystemRoot\System32\Drivers\Beep.SYS BA438000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS BA440000 - \SystemRoot\System32\drivers\vga.sys BA5CA000 - \SystemRoot\System32\Drivers\mnmdd.SYS BA5CE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys BA450000 - \SystemRoot\System32\Drivers\Msfs.SYS BA460000 - \SystemRoot\System32\Drivers\Npfs.SYS B97E0000 - \SystemRoot\system32\DRIVERS\rasacd.sys B108E000 - \SystemRoot\system32\DRIVERS\ipsec.sys B1036000 - \SystemRoot\system32\DRIVERS\tcpip.sys B100E000 - \SystemRoot\system32\DRIVERS\netbt.sys B0FED000 - \SystemRoot\system32\DRIVERS\ipnat.sys B0FCB000 - \SystemRoot\System32\drivers\afd.sys BA218000 - \SystemRoot\system32\DRIVERS\netbios.sys B0F9F000 - \SystemRoot\system32\DRIVERS\rdbss.sys B0F30000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys BA238000 - \SystemRoot\System32\Drivers\Fips.SYS BA248000 - \SystemRoot\System32\drivers\ce7a2c4e.sys B1670000 - \SystemRoot\system32\DRIVERS\hidusb.sys BA258000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS BA268000 - \SystemRoot\system32\DRIVERS\wanarp.sys BA488000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS B1664000 - \SystemRoot\system32\DRIVERS\mouhid.sys B1660000 - \SystemRoot\system32\DRIVERS\kbdhid.sys BA288000 - \SystemRoot\System32\Drivers\Cdfs.SYS B0EC8000 - \SystemRoot\System32\Drivers\dump_atapi.sys BA5D8000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys BA340000 - \SystemRoot\System32\watchdog.sys B97EC000 - \SystemRoot\System32\drivers\Dxapi.sys BF000000 - \SystemRoot\System32\drivers\dxg.sys BA6F9000 - \SystemRoot\System32\drivers\dxgthk.sys BF012000 - \SystemRoot\System32\ati2dvag.dll BF058000 - \SystemRoot\System32\ati2cqag.dll BF0D3000 - \SystemRoot\System32\atikvmag.dll BF141000 - \SystemRoot\System32\atiok3x2.dll BF17D000 - \SystemRoot\System32\ati3duag.dll BF478000 - \SystemRoot\System32\ativvaxx.dll BA468000 - \SystemRoot\system32\DRIVERS\tifsfilt.sys AE9E4000 - \SystemRoot\system32\DRIVERS\ndisuio.sys AE82B000 - \SystemRoot\system32\DRIVERS\mrxdav.sys AE6FE000 - \SystemRoot\system32\DRIVERS\atksgt.sys BA3B0000 - \SystemRoot\system32\DRIVERS\lirsgt.sys AE5FD000 - \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS AE582000 - \SystemRoot\system32\DRIVERS\srv.sys AE74F000 - \??\C:\WINDOWS\system32\drivers\netsik.sys AE0E9000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS ADDCD000 - \SystemRoot\system32\drivers\wdmaud.sys AE12A000 * --[Hidden]-- ADB35000 - \SystemRoot\System32\Drivers\HTTP.sys BA418000 - \SystemRoot\System32\Drivers\TDTCP.SYS ADAEB000 - \SystemRoot\System32\Drivers\RDPWD.SYS AD8EC000 - \SystemRoot\System32\Drivers\Fastfat.SYS AD8C2000 - \SystemRoot\system32\drivers\kmixer.sys BA60A000 - \??\C:\DOCUME~1\DG\LOCALS~1\Temp\mbr.sys BA6C3000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 129 Liste des programmes installes Adobe Flash Player 10 ActiveX Adobe Reader 9.1.2 - Français AMS APISOFT Comptabilité HUIT APISOFT Comptabilité HUIT APISOFT Financier HUIT APISOFT Financier HUIT APISOFT Gestion HUIT APISOFT Gestion HUIT Archiveur WinRAR ATI - Utilitaire de désinstallation du logiciel ATI Catalyst Control Center ATI Display Driver Bel Atout 3.95 Broadcom Management Programs Broadcom NetXtreme Ethernet Controller Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-preinstall ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner (remove only) Client de clichés instantanés Compta 8 Correctif pour Windows XP (KB914440) Financier Huit GALAAD Version 3 GalaadV4.0 Gestion 8 Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Horoquartz TEMPTATION Client 2 Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Java 6 Update 13 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Lame ACM MP3 Codec Lecteur Windows Media 11 LiveUpdate 2.6 (Symantec Corporation) Macromedia Shockwave Player Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Access 2002 Runtime Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Small Business Microsoft Office Outlook 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Office Word Viewer 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works 4.5 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB904942) MSN MSXML 4.0 SP2 Parser and SDK Outil de mise à jour Google Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Paye HUIT Paye HUIT V4 PSI-XP 2004-1 PSI-XP 2007 Mise à jour Rainbow iKey 2000 Series SDK v4.7.0 Rainbow iKey 2000 Series SDK v4.7.0 Rainbow iKey Driver v3.4.7.118 REALTEK Gigabit and Fast Ethernet NIC Driver Realtek High Definition Audio Driver Skins SLD Codec Pack Sélecteur d'installation Microsoft Works Symantec AntiVirus Client Symantec System Center Symantec System Center TrueImage WebFldrs XP Windows Installer 3.1 (KB893803) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\Program Files 17/06/2009 16:35 <REP> . 17/06/2009 16:35 <REP> .. 17/03/2009 10:25 <REP> Adobe 11/02/2009 10:46 <REP> ATI Technologies 05/01/2007 18:02 <REP> AviSynth 2.5 11/02/2009 10:41 <REP> Broadcom 30/12/2008 11:42 <REP> CCleaner 15/12/2005 16:49 <REP> ComPlus Applications 11/02/2009 09:20 <REP> DIFX 17/06/2009 16:35 <REP> Fichiers communs 07/12/2007 17:46 <REP> FlashGet 17/06/2009 15:53 <REP> Google 17/03/2009 15:47 <REP> Internet Explorer 07/05/2009 12:43 <REP> Java 08/03/2007 18:36 <REP> Jeux de cartes 15/12/2005 16:49 <REP> Messenger 09/01/2009 16:43 <REP> Micro Application 20/12/2005 18:15 <REP> microsoft frontpage 23/02/2009 14:22 <REP> Microsoft Office 13/06/2006 10:37 <REP> Microsoft Outlook 20/12/2005 18:16 <REP> Microsoft Visual Studio 13/06/2006 10:21 <REP> Microsoft Windows Small Business Server 27/01/2006 12:00 <REP> Microsoft Works 4.5 15/12/2005 16:50 <REP> Movie Maker 10/06/2008 17:53 <REP> MSN 15/12/2005 16:49 <REP> MSN Gaming Zone 27/01/2006 12:01 <REP> MSWorks 20/12/2005 17:50 <REP> MSXML 4.0 15/12/2005 16:50 <REP> NetMeeting 21/06/2007 15:42 <REP> NTR global 15/12/2005 16:49 <REP> Online Services 05/05/2006 14:16 <REP> ORHA 16/06/2009 15:30 <REP> Outlook Express 11/09/2006 12:03 <REP> QuickTime 01/03/2006 11:27 <REP> Rainbow Technologies 11/02/2009 10:32 <REP> Realtek 29/06/2006 12:13 <REP> SAV 15/12/2005 16:51 <REP> Services en ligne 05/12/2007 15:32 <REP> SLD Codec Pack 03/07/2006 16:09 <REP> Symantec 03/07/2006 16:08 <REP> Symantec_Client_Security 15/01/2007 17:11 <REP> WinAVI Video Converter 10/01/2008 15:34 <REP> Windows Media Connect 2 10/01/2008 15:34 <REP> Windows Media Player 15/12/2005 16:49 <REP> Windows NT 01/07/2006 10:26 <REP> WinRAR 15/12/2005 16:53 <REP> xerox 05/06/2006 17:07 <REP> Yahoo! 0 fichier(s) 0 octets 48 Rép(s) 234 129 969 152 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\Program Files\fichiers communs 17/06/2009 16:35 <REP> . 17/06/2009 16:35 <REP> .. 09/01/2009 16:44 <REP> Acronis 17/03/2009 10:25 <REP> Adobe 07/07/2008 14:59 <REP> Aplogistique 20/12/2005 18:16 <REP> Designer 03/10/2006 17:32 <REP> InstallShield 09/08/2007 14:34 <REP> Java 23/02/2009 14:22 <REP> Microsoft Shared 15/12/2005 16:50 <REP> MSSoap 16/12/2005 01:29 <REP> ODBC 15/12/2005 16:50 <REP> Services 16/12/2005 01:29 <REP> SpeechEngines 03/07/2006 16:09 <REP> Symantec Shared 13/06/2006 10:37 <REP> System 0 fichier(s) 0 octets 15 Rép(s) 234 129 969 152 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 13/06/2006 10:38 <REP> . 13/06/2006 10:38 <REP> .. 13/06/2006 10:38 <REP> 1033 13/06/2006 10:38 <REP> 1036 11/07/2003 10:15 1 292 872 MSONSEXT.DLL 15/07/2003 06:52 35 896 MSOSV.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 18/03/1999 07:37 593 977 RAGENT.DLL 6 fichier(s) 2 253 163 octets 4 Rép(s) 234 129 969 152 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F87A-09F3 Répertoire de C:\ 12/02/2008 17:35 264 521 web-assistance.exe 1 fichier(s) 264 521 octets 0 Rép(s) 234 129 969 152 octets libres c:\Documents and Settings\Administrateur\Bureau\HP XW4550\AUDIO\sp37051.exe c:\Documents and Settings\Administrateur\Bureau\HP XW4550\CHIPSET\sp35355.exe c:\Documents and Settings\Administrateur\Bureau\HP XW4550\CHIPSET\sp36862.exe c:\Documents and Settings\Administrateur\Bureau\HP XW4550\Claviers-souris\sp35998.exe c:\Documents and Settings\Administrateur\Bureau\HP XW4550\Claviers-souris\sp40035.exe c:\Documents and Settings\Administrateur\Bureau\HP XW4550\LAN\sp41509.exe c:\Documents and Settings\Administrateur\Bureau\HP XW4550\VIDEO\ATI\sp39570.exe c:\Documents and Settings\Administrateur\Bureau\HP XW4550\VIDEO\NVIDIA\sp41936.exe c:\Documents and Settings\DG\DG.exe c:\Documents and Settings\DG\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\DG\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe c:\Documents and Settings\DG\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\DG\Bureau\DiagHelp\diff.exe c:\Documents and Settings\DG\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\DG\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\DG\Bureau\DiagHelp\find2.exe c:\Documents and Settings\DG\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\DG\Bureau\DiagHelp\grep.exe c:\Documents and Settings\DG\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\DG\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\DG\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\DG\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\DG\Bureau\DiagHelp\mbr.exe c:\Documents and Settings\DG\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\DG\Bureau\DiagHelp\Psinfo.exe c:\Documents and Settings\DG\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\DG\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\DG\Bureau\DiagHelp\streams.exe c:\Documents and Settings\DG\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\DG\Bureau\DiagHelp\tar.exe c:\Documents and Settings\DG\Local Settings\Temp\applnch.exe c:\Documents and Settings\DG\Local Settings\Temporary Internet Files\Content.IE5\F7Z0SBUV\Google Updater[1].exe c:\Documents and Settings\DG\Menu Démarrer\Programmes\Démarrage\rncsys32.exe c:\Documents and Settings\temptation\Local Settings\Temp\applnch.exe c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll c:\Documents and Settings\DG\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll c:\Documents and Settings\DG\Application Data\ntr\service.dll c:\Documents and Settings\DG\Application Data\Sun\Java\jre1.6.0_11\lzma.dll c:\Documents and Settings\DG\Application Data\Sun\Java\jre1.6.0_13\lzma.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_MDR-PAULCLAUDEL.tar.gz a l'adresse http://upload.malekal.com Je vous remercie !!