Voila le rapport de SDFIX....
[b]SDFix: Version 1.240 /b
Run by Fanny on 26/06/2009 at 10:42
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Fanny\Bureau\SDFix\SDFix
[b]Checking Services /b:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files /b:
No Trojan Files Found
Removing Temp Files
[b]ADS Check /b:
[b]Final Check /b:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 10:52:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services /b:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files /b:
[b]Files with Hidden Attributes /b:
Mon 23 Apr 2007 88 A.SHR --- "C:\i386\D7D402E145.sys"
Mon 23 Apr 2007 2,828 A.SH. --- "C:\i386\KGyGaAvL.sys"
Tue 23 Jun 2009 41,472 ...H. --- "C:\WINDOWS\freddy46.exe"
Tue 23 Jun 2009 14,848 ...H. --- "C:\WINDOWS\ld10.exe"
Thu 26 Apr 2007 88 ..SHR --- "C:\WINDOWS\system32\D7D402E145.sys"
Thu 26 Apr 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 22 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 6 Apr 2009 114 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1AB.tmp"
Wed 22 Apr 2009 20,688 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Wed 22 Apr 2009 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Thu 6 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._banker.reg"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._banker.reg~"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._catchme.exe"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._Hostsclean.exe"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._MD5File.exe"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._Process.exe"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._setpath.exe"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._swreg.exe"
Fri 26 Jun 2009 4,096 A..H. --- "C:\Documents and Settings\Fanny\Bureau\MSNFix-1\incl\._zip.exe"
Sat 10 May 2008 1,095,680 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Cours\Cours 3äme DOC\Aviaire\~WRL0002.tmp"
Wed 11 Feb 2009 55,808 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Etude surdite\~WRL0005.tmp"
Thu 12 Feb 2009 57,344 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Etude surdite\~WRL0886.tmp"
Thu 12 Feb 2009 57,856 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Etude surdite\~WRL2049.tmp"
Thu 12 Feb 2009 56,832 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Etude surdite\~WRL2870.tmp"
Thu 12 Feb 2009 56,832 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Etude surdite\~WRL2911.tmp"
Fri 9 Jan 2009 87,552 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Article alimentation\PMCAC\~WRL0005.tmp"
Fri 9 Jan 2009 87,552 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Article alimentation\PMCAC\~WRL2569.tmp"
Fri 9 Jan 2009 87,552 ...H. --- "C:\Documents and Settings\Fanny\Mes documents\Furets\Mes recherches\Article alimentation\PMCAC\~WRL3636.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"
Sat 15 Apr 2006 60,416 A..H. --- "C:\Documents and Settings\Fanny\Mes documents\Cours\Cours 2äme DOC\Biochimie\Vrac\BIOCHIMIE\~WRL2438.tmp"
[b]Finished!/b
Alors..... c'est grave docteur ? Comment on traite ça ?
