Hello everyone!
So, while waiting for my new machine ^^, my parents handed me down their laptop (much more powerful than the one I had before), but the thing is, as protection my dad had only put Avast on it. So I installed AntiVir and Jetico, but I'm almost sure there are viruses on it ^^ (just opening the hard drive there were 2 Word files that had no business being there; I selected one of them and AntiVir flagged a trojan ^^).
Here are the reports:
DiagHelp version v1.4 - http://www.malekal.com
excute le 12/01/2008 à 21:42:01,39
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\SLRUNDLL.EXE-0A50E51B.pf -->12/01/2008 21:23:20
C:\WINDOWS\prefetch\POLLINGMODULE.EXE-2C738EAB.pf -->12/01/2008 21:23:06
C:\WINDOWS\prefetch\ALERTM~1.EXE-1C0AE839.pf -->12/01/2008 21:23:06
C:\WINDOWS\prefetch\TOASTER.EXE-1CBF7015.pf -->12/01/2008 21:23:05
C:\WINDOWS\prefetch\INACTIVITY.EXE-054B684A.pf -->12/01/2008 21:23:05
C:\WINDOWS\prefetch\SHELL.EXE-3189A993.pf -->12/01/2008 21:22:58
C:\WINDOWS\prefetch\NET.EXE-171DB0D9.pf -->12/01/2008 21:22:58
C:\WINDOWS\prefetch\GESTMAJ.EXE-2B68B2D2.pf -->12/01/2008 21:22:49
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->12/01/2008 21:22:21
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf -->12/01/2008 21:21:50
C:\WINDOWS\System32\drivers\avipbb.sys -->12/01/2008 20:21:30
C:\WINDOWS\System32\drivers\Adtc56.sys -->05/12/2007 11:08:08
C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
C:\WINDOWS\System32\drivers\symavc32.sys -->01/11/2007 00:47:12
C:\WINDOWS\System32\drivers\Uaje25.sys -->31/10/2007 22:41:24
C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11
C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19
C:\WINDOWS\System32\wpa.dbl -->12/01/2008 21:18:37
C:\WINDOWS\System32\87354753411123211122534452667798.data -->12/01/2008 21:10:52
C:\WINDOWS\System32\CONFIG.NT -->12/01/2008 20:16:41
C:\WINDOWS\System32\lvcoinst.log -->22/12/2007 20:52:42
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\QuickTimeVR.qtx -->14/11/2007 23:43:22
C:\WINDOWS\System32\QuickTime.qts -->14/11/2007 23:43:22
C:\WINDOWS\System32\87354753411123211122534452667798.log -->11/11/2007 11:25:18
C:\WINDOWS\System32\perfh00C.dat -->10/11/2007 12:12:42
C:\WINDOWS\System32\perfh009.dat -->10/11/2007 12:12:42
C:\WINDOWS\System32\perfc00C.dat -->10/11/2007 12:12:42
C:\WINDOWS\System32\perfc009.dat -->10/11/2007 12:12:42
C:\WINDOWS\System32\PerfStringBackup.INI -->10/11/2007 12:12:41
C:\WINDOWS\System32\toijwiv -->01/11/2007 21:38:11
C:\WINDOWS\System32\RunOnce3.tmp -->01/11/2007 10:11:47
C:\WINDOWS\System32\RunOnce3.t__ -->01/11/2007 00:46:53
C:\WINDOWS\System32\update288.exe -->01/11/2007 00:46:52
C:\WINDOWS\System32\update285.exe -->01/11/2007 00:46:33
C:\WINDOWS\System32\update289.exe -->31/10/2007 23:09:33
C:\WINDOWS\System32\0_exception.nls -->31/10/2007 22:45:28
C:\WINDOWS\System32\ofiseifw.tmp -->31/10/2007 22:42:22
C:\WINDOWS\System32\update306.exe -->31/10/2007 22:41:44
C:\WINDOWS\System32\rmoc3260.dll -->30/08/2007 16:16:40
C:\WINDOWS\System32\pndx5032.dll -->30/08/2007 16:16:14
C:\WINDOWS\System32\pndx5016.dll -->30/08/2007 16:16:14
C:\WINDOWS\0.log -->12/01/2008 21:21:29
C:\WINDOWS\WindowsUpdate.log -->12/01/2008 21:20:07
C:\WINDOWS\QTFont.qfn -->12/01/2008 21:19:43
C:\WINDOWS\wiadebug.log -->12/01/2008 21:18:52
C:\WINDOWS\wiaservc.log -->12/01/2008 21:18:51
C:\WINDOWS\bootstat.dat -->12/01/2008 21:18:09
C:\WINDOWS\SchedLgU.Txt -->12/01/2008 21:17:11
C:\WINDOWS\setupapi.log -->12/01/2008 21:08:24
C:\WINDOWS\_delis32.ini -->12/01/2008 21:08:01
C:\WINDOWS\QTFont.for -->12/01/2008 21:02:03
C:\WINDOWS\DPINST.LOG -->12/01/2008 20:42:17
C:\WINDOWS\kit.ini -->12/01/2008 19:56:48
C:\WINDOWS\setupact.log -->12/01/2008 19:42:15
C:\WINDOWS\OEWABLog.txt -->12/01/2008 18:22:58
C:\WINDOWS\wmsetup.log -->12/01/2008 18:22:57
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 208
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll
0x10000000 0x7000 1.00.0000.0001 C:\PROGRA~1\Wanadoo\Inactivity.dll
0x012c0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x01ba0000 0x37000 3.00.0000.2082 C:\WINDOWS\system32\igfxpph.dll
0x01be0000 0x1e000 3.00.0000.2082 C:\WINDOWS\system32\hccutils.DLL
0x01c10000 0x28000 3.00.0000.2082 C:\WINDOWS\system32\igfxres.dll
0x01c50000 0x50000 3.00.0000.2082 C:\WINDOWS\system32\igfxsrvc.dll
0x01cb0000 0x26000 3.00.0000.2082 C:\WINDOWS\system32\igfxdev.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x01f50000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00b20000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x01240000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x00b80000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x018f0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x01730000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x01210000 0xd000 7.00.0009.0050 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 484
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44E3-889D
Répertoire de C:\WINDOWS\temp
20/12/2007 11:27 40 960 rtdrvmon.exe
1 fichier(s) 40 960 octets
0 Rép(s) 31 401 750 528 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44E3-889D
Répertoire de C:\WINDOWS\system32
02/03/2006 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 31 401 750 528 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44E3-889D
Répertoire de C:\WINDOWS\Downloaded Program Files
10/01/2008 18:04 <REP> .
10/01/2008 18:04 <REP> ..
18/08/2007 12:58 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
25/07/2002 17:05 172 032 isusweb.dll
14/02/2007 16:30 144 setup.inf
5 fichier(s) 393 425 octets
Total des fichiers listés :
5 fichier(s) 393 425 octets
2 Rép(s) 31 401 750 528 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\JF\\Bureau\\cerhost2.exe"="C:\\Documents and Settings\\JF\\Bureau\\cerhost2.exe:*:Enabled:cerhost2"
"C:\\Documents and Settings\\Muriel\\Bureau\\cerhost2.exe"="C:\\Documents and Settings\\Muriel\\Bureau\\cerhost2.exe:*:Enabled:cerhost2"
"C:\\WINDOWS\\system32\\taskmgr.exe"="C:\\WINDOWS\\system32\\taskmgr.exe:*:Disabled:Gestionnaire des tâches de Windows"
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"="C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe:*:Enabled:Navigateur Internet"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 21:43:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
208 - explorer.exe
440 - sched.exe
456 - csrss.exe
464 - AppleMobileDevi
484 - winlogon.exe
524 - guard.exe
656 - services.exe
668 - lsass.exe
684 - slserv.exe
900 - svchost.exe
936 - svchost.exe
1064 - svchost.exe
1280 - avgnt.exe
1344 - avgas.exe
1352 - TaskBarIcon.exe
1368 - iTunesHelper.ex
1624 - avguard.exe
2708 - iPodService.exe
2904 - GestionnaireInt
3120 - cmd.exe
3128 - ComComp.exe
3188 - firefox.exe
3264 - Toaster.exe
3272 - Inactivity.exe
3280 - PollingModule.e
3400 - ALERTM~1.EXE
3580 - alg.exe
3648 - Watch.exe
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F9A28000 - \WINDOWS\system32\KDCOM.DLL
F9938000 - \WINDOWS\system32\BOOTVID.dll
F94D8000 - ACPI.sys
F9A2A000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F94C7000 - pci.sys
F9528000 - isapnp.sys
F993C000 - compbatt.sys
F9940000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F9AF0000 - pciide.sys
F97A8000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F9A2C000 - intelide.sys
F9538000 - MountMgr.sys
F94A8000 - ftdisk.sys
F9944000 - ACPIEC.sys
F9AF1000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F97B0000 - PartMgr.sys
F9548000 - VolSnap.sys
F9490000 - atapi.sys
F9558000 - disk.sys
F9568000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F9471000 - fltMgr.sys
F945A000 - KSecDD.sys
F93CD000 - Ntfs.sys
F93A0000 - NDIS.sys
F9385000 - Mup.sys
F9638000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F9326000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
F9312000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F97D8000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F92EF000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F97E0000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F9648000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F97E8000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F97F0000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F92DB000 - \SystemRoot\system32\DRIVERS\parport.sys
F9658000 - \SystemRoot\system32\DRIVERS\imapi.sys
F9668000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F9678000 - \SystemRoot\system32\DRIVERS\redbook.sys
F92B8000 - \SystemRoot\system32\DRIVERS\ks.sys
F97F8000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F9286000 - \SystemRoot\system32\drivers\viaudios.sys
F9262000 - \SystemRoot\system32\drivers\portcls.sys
F9688000 - \SystemRoot\system32\drivers\drmk.sys
F9212000 - \SystemRoot\system32\DRIVERS\slntamr.sys
F9800000 - \SystemRoot\system32\DRIVERS\SlWdmSup.sys
F8E16000 - \SystemRoot\system32\DRIVERS\Mtlmnt5.sys
F9808000 - \SystemRoot\System32\Drivers\Modem.SYS
F99F0000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F9C20000 - \SystemRoot\system32\DRIVERS\audstub.sys
F96A8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F99F4000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F8DFF000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F96B8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F96C8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F9810000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F8DEE000 - \SystemRoot\system32\DRIVERS\psched.sys
F96D8000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F9818000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F9820000 - \SystemRoot\system32\DRIVERS\raspti.sys
F96E8000 - \SystemRoot\system32\DRIVERS\termdd.sys
F9A3C000 - \SystemRoot\system32\DRIVERS\swenum.sys
F8DBA000 - \SystemRoot\system32\DRIVERS\update.sys
F99FC000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F9A0C000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F96F8000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F0CD6000 - \SystemRoot\system32\drivers\ialmkchw.sys
F0CBA000 - \SystemRoot\system32\drivers\ialmsbw.sys
F9718000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F9A3E000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F9728000 - \SystemRoot\system32\drivers\A310.sys
F9349000 - \SystemRoot\System32\Drivers\bc_ngn.SYS
F9738000 - \SystemRoot\system32\drivers\A311.sys
F9840000 - \SystemRoot\System32\Drivers\bc_filter.SYS
F9850000 - \SystemRoot\System32\Drivers\bc_ip_f.SYS
F99B8000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F9768000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F9858000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F9A44000 - \SystemRoot\System32\Drivers\bc_pat_f.SYS
F9A48000 - \SystemRoot\System32\Drivers\bc_prt_f.SYS
F99C4000 - \SystemRoot\System32\Drivers\bc_tdi_f.SYS
F9A4A000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F9B18000 - \SystemRoot\System32\Drivers\Null.SYS
F9A4C000 - \SystemRoot\System32\Drivers\Beep.SYS
F9B1A000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F9868000 - \SystemRoot\System32\drivers\vga.sys
F9A4E000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F9A50000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F9870000 - \SystemRoot\System32\Drivers\Msfs.SYS
F9878000 - \SystemRoot\System32\Drivers\Npfs.SYS
F99D0000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F0BBA000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F0B62000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F9778000 - \SystemRoot\System32\Drivers\bcftdi.SYS
F0B41000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F9788000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F0B19000 - \SystemRoot\system32\DRIVERS\netbt.sys
F0AF7000 - \SystemRoot\System32\drivers\afd.sys
F9798000 - \SystemRoot\system32\DRIVERS\netbios.sys
F9888000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F0AA3000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F0A34000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F9598000 - \SystemRoot\System32\Drivers\Fips.SYS
F95A8000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F9A54000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F9B3C000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F0931000 - \SystemRoot\system32\DRIVERS\WlanBZXP.sys
F8D8A000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F95E8000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F08F1000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F9A66000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F98A8000 - \SystemRoot\System32\watchdog.sys
F99C0000 - \SystemRoot\System32\drivers\Dxapi.sys
BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
F9B91000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9E0000 - \SystemRoot\System32\ialmdnt5.dll
BF9D3000 - \SystemRoot\System32\ialmrnt5.dll
BFA02000 - \SystemRoot\System32\ialmdev5.DLL
BFA32000 - \SystemRoot\System32\ialmdd5.DLL
F07E2000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F0451000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F03EC000 - \SystemRoot\system32\drivers\wdmaud.sys
F0566000 - \SystemRoot\system32\drivers\sysaudio.sys
F01F4000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
F9A56000 - \SystemRoot\System32\Drivers\ParVdm.SYS
EFEA9000 - \SystemRoot\system32\DRIVERS\srv.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
EFBE8000 - \SystemRoot\System32\Drivers\HTTP.sys
F98B8000 - \SystemRoot\System32\Drivers\ZDPSp50.sys
EFAC6000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
EF822000 - \SystemRoot\system32\drivers\kmixer.sys
F9BD0000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 134
Liste des programmes installes
Adobe Reader 7.0.9 - Français
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
Generic 3-in-1 USB Card Reader Driver v1.8b
Gestionnaire Internet
Google Earth
Hotfix for Windows XP (KB909394)
Intel(R) Extreme Graphics Driver
iTunes
Jetico Personal Firewall 1.0
livebox
livebox
MFCDLL Shared Library - Retail Version
Microsoft (R) C Runtime Library
Microsoft (R) C++ Runtime Library
Microsoft Office 2000 Premium
Mise à jour pour Windows XP (KB911164)
Mozilla Firefox (2.0.0.9)
MSXML 3.0
Navigateur Orange
Office Mouse Driver
QuickTime
RealPlayer
Sagem Wi-Fi 11g USB adapter (driver)
Sagem Wi-Fi 11g USB adapter (utility)
Smart Link 56K Modem
VIA Audio Driver Setup Program
VideoLAN VLC media player 0.8.6d
WebFldrs XP
Windows Live Messenger
Windows Live Sign-in Assistant
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44E3-889D
Répertoire de C:\Program Files
12/01/2008 21:28 <REP> .
12/01/2008 21:28 <REP> ..
23/08/2007 19:00 <REP> ABBYY FineReader 6.0
30/08/2007 11:06 <REP> Adobe
01/11/2007 00:22 <REP> Alwil Software
12/01/2008 20:55 <REP> Apple Software Update
12/01/2008 20:18 <REP> Avira
18/08/2007 12:56 <REP> ComPlus Applications
12/01/2008 20:54 <REP> Fichiers communs
18/08/2007 14:38 <REP> Generic
27/10/2007 09:59 <REP> Google
12/01/2008 20:39 <REP> Grisoft
18/08/2007 14:39 <REP> Intel
22/08/2007 21:44 <REP> Internet Explorer
12/01/2008 21:00 <REP> iPod
12/01/2008 21:05 <REP> iTunes
12/01/2008 21:26 <REP> Jetico
23/08/2007 19:15 <REP> microsoft frontpage
23/08/2007 19:15 <REP> Microsoft Office
23/08/2007 19:20 <REP> Microsoft Visual Studio
18/08/2007 12:57 <REP> Movie Maker
12/01/2008 21:29 <REP> Mozilla Firefox
04/12/2007 20:18 <REP> MSN
18/08/2007 12:54 <REP> MSN Gaming Zone
12/01/2008 20:41 <REP> MSN Messenger
18/08/2007 12:57 <REP> NetMeeting
29/12/2007 18:02 <REP> Office Mouse Driver
18/08/2007 12:55 <REP> Online Services
18/08/2007 12:57 <REP> Outlook Express
12/01/2008 20:59 <REP> QuickTime
30/08/2007 16:15 <REP> Real
22/08/2007 21:39 <REP> SAGEM
12/01/2008 19:53 <REP> SAGEM WiFi manager
22/08/2007 21:38 <REP> Securitoo
18/08/2007 12:58 <REP> Services en ligne
18/08/2007 14:33 <REP> VIA Technologies, Inc
12/01/2008 20:39 <REP> VideoLAN
12/01/2008 21:23 <REP> Wanadoo
18/08/2007 13:00 <REP> Windows Media Player
18/08/2007 12:54 <REP> Windows NT
12/01/2008 21:29 <REP> WinRAR
18/08/2007 13:01 <REP> xerox
0 fichier(s) 0 octets
42 Rép(s) 31 401 246 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44E3-889D
Répertoire de C:\Program Files\fichiers communs
12/01/2008 20:54 <REP> .
12/01/2008 20:54 <REP> ..
05/09/2007 16:04 <REP> Adobe
12/01/2008 20:54 <REP> Apple
23/08/2007 19:04 <REP> Cisco Systems
23/08/2007 19:20 <REP> Designer
20/12/2007 16:31 <REP> InstallShield
12/01/2008 21:08 <REP> Labtec
12/01/2008 20:41 <REP> Microsoft Shared
18/08/2007 12:57 <REP> MSSoap
18/08/2007 14:47 <REP> ODBC
30/08/2007 16:16 <REP> Real
18/08/2007 12:57 <REP> Services
18/08/2007 14:46 <REP> SpeechEngines
23/08/2007 19:20 <REP> System
30/08/2007 16:16 <REP> xing shared
0 fichier(s) 0 octets
16 Rép(s) 31 401 246 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 44E3-889D
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
21/10/2007 19:50 <REP> .
21/10/2007 19:50 <REP> ..
18/05/2001 14:57 561 209 MSONSEXT.DLL
03/06/1999 11:09 122 937 MSOWS409.DLL
07/03/2001 06:00 127 033 MSOWS40c.DLL
18/03/1999 05:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 31 401 246 720 octets libres
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Documents\Dossier partagé Divers\evadeo gps\Mise a jour 2 03 07\evadeo_update_2602035_to_2602093.exe
c:\Documents and Settings\Choupinou\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Choupinou\Bureau\HiJackThis.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Choupinou\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\java.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\javacpl.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\javaw.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\javaws.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\jucheck.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\jusched.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\keytool.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\kinit.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\klist.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\ktab.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\orbd.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\pack200.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\policytool.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\rmid.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\rmiregistry.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\servertool.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\tnameserv.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.5.0_09\bin\unpack200.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\java.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\javacpl.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\java-rmi.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\javaw.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\javaws.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\jucheck.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\jureg.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\jusched.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\keytool.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\kinit.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\klist.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\ktab.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\orbd.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\pack200.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\policytool.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\rmid.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\rmiregistry.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\servertool.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\tnameserv.exe
c:\Documents and Settings\Choupinou\Bureau\Java\jre1.6.0_03\bin\unpack200.exe
c:\Documents and Settings\Choupinou\Bureau\Yoann\Divers\Lime Wire PRO\Limewire Lime Wire Pro 4.12.3.exe
c:\Documents and Settings\Choupinou\Bureau\Yoann\dossier yoann\Install_Messenger.exe
c:\Documents and Settings\Choupinou\Bureau\Yoann\Sécurité\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.06.00.270_anglais_10821.exe
c:\Documents and Settings\JF\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\JF\Bureau\cerhost2.exe
c:\Documents and Settings\JF\Bureau\JFM\anti virus\FixBmalE.exe
c:\Documents and Settings\JF\Bureau\JFM\anti virus\stinger.exe
c:\Documents and Settings\JF\Bureau\JFM\JFM1\Programme mis sur PC\google_earth_bzxd.exe
c:\Documents and Settings\JF\Bureau\JFM\JFM1\Programme mis sur PC\install_flash_player.exe
c:\Documents and Settings\JF\Bureau\JFM\JFM1\Programme mis sur PC\Install_Messenger.exe
c:\Documents and Settings\JF\Bureau\JFM\JFM1\Programme mis sur PC\quicktimeinstaller.exe
c:\Documents and Settings\JF\Bureau\JFM\JFM1\Programme mis sur PC\realplayer10-5gold_fr.exe
c:\Documents and Settings\JF\Local Settings\Temp\_isA3.exe
c:\Documents and Settings\JF\Local Settings\Temp\_isA4.exe
c:\Documents and Settings\JF\Local Settings\Temp\adgmwvu.exe
c:\Documents and Settings\JF\Local Settings\Temp\Install_Messenger.exe
c:\Documents and Settings\JF\Local Settings\Temp\rtdrvmon.exe
c:\Documents and Settings\JF\Local Settings\Temp\setup_wm.exe
c:\Documents and Settings\JF\Local Settings\Temp\TFR6.exe
c:\Documents and Settings\JF\Local Settings\Temp\winlogon.exe
c:\Documents and Settings\JF\Local Settings\Temp\TEInst\Setup.exe
c:\Documents and Settings\JF\Local Settings\Temp\TEInst\SkylineGlobeShell.exe
c:\Documents and Settings\JF\Local Settings\Temp\TEInst\TerraExplorer.exe
c:\Documents and Settings\JF\Local Settings\Temp\TEInst\teutil.exe
c:\Documents and Settings\JF\Local Settings\Temp\TEInst\Tools\PyramidTool\PyramidTool.exe
c:\Documents and Settings\JF\Local Settings\Temp\WMC0000.tmp\WMPAU.exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\25319[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\abbaa[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\id4215[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\id4215[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\id4215[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\install333[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\install333[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\install333[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\packed_installer_cn[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\u_f1_v31_40[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\u_f1_v31_40[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4TQTK9E1\u_f1_v31_40[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\25319[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\25319[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\25319[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\are123[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\eaglenew[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\id4215[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\id4215[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\id4215[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\id4215[4].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\id4215[5].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\install333[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\u_f1_v31_40[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\u_f1_v31_40[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\u_f1_v31_40[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\u_f1_v31_40[4].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K98FA5UJ\u_f1_v31_40[5].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\25319[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\25319[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\25319[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\25319[4].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\25319[5].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\eaglenew[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\eaglenew[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\id4215[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\id4215[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MFCRGFUP\install333[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\25319[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\25319[2].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\25319[3].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\eaglenew[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\id4215[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\install333[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\u_f1_v31_40[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SDW92XQ7\u_f1_v31_40[2].exe
c:\Documents and Settings\Muriel\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Muriel\Bureau\cerhost2.exe
c:\Documents and Settings\Muriel\Local Settings\Temp\rtdrvmon.exe
c:\Documents and Settings\Propriétaire\Local Settings\Temp\ShowLogo.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_USER-58CE52D2BC.tar.gz a l'adresse http://upload.malekal.com
__________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:32, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Choupinou\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\i386kd.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Documents and Settings\JF\Disk_Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Filter hijack: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf22.tmp
O20 - Winlogon Notify: Sideori - C:\WINDOWS\SYSTEM32\Sideori.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 5575 bytes
Antivir report:
3 viruses found with DiagHelp:
- TR\Dropper.gen ==> C:\Windows\system32\update288.exe }
- TR\Crypt.XDR.Gen ==> C:\Windows\system32\update285.exe } Quarantined
- BDS\Medbot.Gen ==> C:\Windows\system32\update289.exe }
AVG report:
4 spyware found with DiagHelp:
- Trojan.Inject.mf ==> C:\DOCUME~1\CHOUPI~1\Temp\krfgepxsE52D2BC.dll }
- Trojan.Inject.mf ==> C:\DOCUME~1\CHOUPI~1\Temp\krfgepxsE52D2BC.dll } same as Antivir
- Trojan.Inject.mf ==> C:\DOCUME~1\CHOUPI~1\Temp\krfgepxsE52D2BC.dll } same as Antivir
- Trojan.Inject.mf ==> C:\DOCUME~1\CHOUPI~1\Temp\krfgepxsE52D2BC.dll }