Fenetre cid

apres bq de mal voila ce que jai
apres la reouverture windows ma dit : trouve pas le dossier
et il en ressort ce rapport et jen ai un autre de catchme je te lenvoi aussi
merci
a++
SDFix: Version 1.135

Run by Amélie on 02/02/2008 at 14:54

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\AMLIE~1\Bureau\SDFIX1~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 15:02:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uiohej]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\uiohej.log"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uiohej\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uiohej]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\uiohej.log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uiohej\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 44


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon 20 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 22 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 1 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b3179d71e82d8085d960408b16ae5bf\BIT7D.tmp"
Sat 1 Dec 2007 1,229,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc7043d60e692448b548f03d568309ab\BIT7C.tmp"

Finished!


catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 15:02:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uiohej]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\uiohej.log"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uiohej\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uiohej]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\uiohej.log"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uiohej\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 44

bonsoir,

jai copier la ligne a lcoller , jai ouvert le site concerné - sur la case blche a coté de parcourir je n'ai pu coller la ligne car cette action nexiste pas - alors jai cliqué sur parcourir et collé en bas - evidemment ca ne souvre pas -!!!! que faire -


autrement le "submit" est grisé donc inserviable ....

je fait quoi alors ? peux tu m'aider ?
merci

jespere que tu ne men veux pas davoir appelé green day ...

car vu comme ca c passé au début !!!

merci pour ton conseil

Salut,
Tu peux suivre les conseils de Lyonnais car avec une telle infection...T'es pas aidée...
A+

bonsoir,

voila !

ComboFix 08-02.02.5 - Amélie 2008-02-04 21:41:23.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.591 [GMT 1:00]
Endroit: C:\Documents and Settings\Amélie\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 21:30 . 2008-02-01 21:30 <REP> d-------- C:\Documents and Settings\Amélie\Application Data\Grisoft
2008-02-01 18:54 . 2008-02-01 19:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-01 18:46 . 2008-02-01 18:48 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-01 18:44 . 2008-02-01 18:49 <REP> d-------- C:\Program Files\BitDefender
2008-02-01 18:43 . 2008-02-01 18:49 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-02-01 17:36 . 2008-02-01 17:36 <REP> d-------- C:\_OTMoveIt
2008-02-01 17:36 . 2008-02-01 17:36 268 --ah----- C:\sqmdata11.sqm
2008-02-01 17:36 . 2008-02-01 17:36 244 --ah----- C:\sqmnoopt11.sqm
2008-02-01 17:08 . 2008-02-01 17:08 268 --ah----- C:\sqmdata10.sqm
2008-02-01 17:08 . 2008-02-01 17:08 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 16:43 . 2008-02-01 16:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-01 16:37 . 2008-02-01 16:37 268 --ah----- C:\sqmdata09.sqm
2008-02-01 16:37 . 2008-02-01 16:37 244 --ah----- C:\sqmnoopt09.sqm
2008-02-01 16:34 . 2008-02-01 20:17 <REP> d-------- C:\SDFix
2008-02-01 14:34 . 2008-02-01 14:34 268 --ah----- C:\sqmdata08.sqm
2008-02-01 14:34 . 2008-02-01 14:34 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 14:09 . 2008-02-01 14:09 268 --ah----- C:\sqmdata07.sqm
2008-02-01 14:09 . 2008-02-01 14:09 244 --ah----- C:\sqmnoopt07.sqm
2008-02-01 09:24 . 2008-02-01 09:24 268 --ah----- C:\sqmdata06.sqm
2008-02-01 09:24 . 2008-02-01 09:24 244 --ah----- C:\sqmnoopt06.sqm
2008-02-01 02:11 . 2008-02-01 02:11 268 --ah----- C:\sqmdata05.sqm
2008-02-01 02:11 . 2008-02-01 02:11 244 --ah----- C:\sqmnoopt05.sqm
2008-02-01 01:35 . 2008-02-01 01:35 268 --ah----- C:\sqmdata04.sqm
2008-02-01 01:35 . 2008-02-01 01:35 244 --ah----- C:\sqmnoopt04.sqm
2008-02-01 01:33 . 2008-02-01 01:33 19,952 --a------ C:\Documents and Settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-02-01 00:57 . 2008-02-01 00:57 268 --ah----- C:\sqmdata03.sqm
2008-02-01 00:57 . 2008-02-01 00:57 244 --ah----- C:\sqmnoopt03.sqm
2008-02-01 00:52 . 2008-02-01 00:55 <REP> d-------- C:\ComboFix[1]
2008-01-31 18:32 . 2008-01-31 18:32 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Grisoft
2008-01-31 18:32 . 2008-01-31 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 18:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 17:28 . 2008-01-31 17:28 <REP> d-------- C:\Program Files\Trend Micro
2008-01-31 00:07 . 2008-02-02 11:13 <REP> d-------- C:\Program Files\Lopxp
2008-01-30 22:21 . 2008-01-31 22:31 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-01-30 21:16 . 2008-01-30 21:16 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-30 17:07 . 2008-01-30 17:07 <REP> d-------- C:\Program Files\CCleaner
2008-01-29 16:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-29 16:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-29 16:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-28 17:44 . 2006-03-29 15:05 32,768 --------- C:\WINDOWS\system32\IJRMF.exe
2008-01-28 16:44 . 2008-01-28 16:44 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-01-27 14:53 . 2008-01-27 14:53 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Search Settings
2008-01-27 14:52 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-01-27 14:52 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-01-21 22:09 . 2008-01-21 22:09 <REP> d-------- C:\Documents and Settings\Amélie\Application Data\MSNInstaller
2008-01-20 14:51 . 2008-01-20 14:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-20 12:03 . 2008-01-22 09:21 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-18 22:24 . 2008-01-18 22:24 <REP> d-------- C:\Program Files\Realtek AC97
2008-01-18 22:24 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-01-18 22:24 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-18 22:24 . 2007-03-08 14:34 4,027,840 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-18 22:24 . 2006-11-17 05:42 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-18 22:24 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-18 22:24 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-18 22:24 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-18 22:24 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-18 19:40 . 2007-06-07 14:02 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-18 19:40 . 2007-06-07 12:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-14 18:32 . 2008-02-04 19:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 18:32 . 2008-01-14 18:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression
2008-01-14 18:02 . 2007-06-07 14:02 <REP> d--h----- C:\Documents and Settings\Invité\Modèles
2008-01-14 18:02 . 2007-06-07 14:02 <REP> d--h----- C:\Documents and Settings\Invité\Modèles
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Mes documents
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Mes documents
2008-01-14 18:02 . 2007-06-07 12:25 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer
2008-01-14 18:02 . 2007-06-07 12:25 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Favoris
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Favoris
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Invité\Bureau
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Invité\Bureau
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 22:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-28 17:09 --------- d-----w C:\Program Files\eMule
2008-01-27 20:50 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-27 14:36 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-18 21:54 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-18 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 20:49 --------- d-----w C:\Documents and Settings\Amélie\Application Data\ford this default
2008-01-14 18:02 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-14 17:58 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-01-14 17:49 --------- d-----w C:\Program Files\Videora
2008-01-14 17:43 --------- d-----w C:\Program Files\BitComet
2008-01-14 17:40 --------- d-----w C:\Program Files\IncrediMail
2008-01-03 17:09 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-03 17:08 --------- d-----w C:\Program Files\AVSMedia
2007-12-28 19:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-28 19:13 --------- d-----w C:\Program Files\Windows Live
2007-12-28 19:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-19 21:08 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Gestion Commerciale
2007-12-18 22:00 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Comptabilité
2007-12-16 17:32 21,920 ----a-w C:\Documents and Settings\Amélie\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 18:05 --------- d-----w C:\Program Files\Sony
2007-12-13 18:05 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2007-12-13 18:05 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-13 18:01 --------- d-----w C:\Program Files\Common Files
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-01-12 13:23 3,956,736 ----a-w C:\Program Files\FoxitReader.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 20:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 20:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 20:49 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\w3dbsmgr.exe [2004-11-26 18:31:32 106546]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S1 uiohej;uiohej;C:\WINDOWS\system32\uiohej.log []
S2 NVSvcMSDTC;NVIDIA Display Driver Service NVSvcMSDTC;C:\WINDOWS\system32\alsndmgrj.exe srv []
S2 SwPrvAudioSrv;MS Software Shadow Copy Provider SwPrvAudioSrv;C:\WINDOWS\system32\alsndmgrx.exe srv []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-01 18:52:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 21:45:59
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-04 21:47:56
ComboFix-quarantined-files.txt 2008-02-04 20:47:47
ComboFix2.txt 2008-02-03 00:19:51
ComboFix3.txt 2008-02-02 10:42:18
ComboFix4.txt 2008-02-01 16:16:00
ComboFix5.txt 2008-02-01 13:39:36
.
2008-01-10 02:02:03 --- E O F ---

ComboFix 08-02.02.5 - Amélie 2008-02-04 22:03:51.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.544 [GMT 1:00]
Endroit: C:\Documents and Settings\Amélie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amélie\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\WINDOWS\system32\uiohej.log
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 18:54 . 2008-02-01 19:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-01 18:46 . 2008-02-01 18:48 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-01 18:44 . 2008-02-01 18:49 <REP> d-------- C:\Program Files\BitDefender
2008-02-01 18:43 . 2008-02-01 18:49 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-02-01 17:36 . 2008-02-01 17:36 <REP> d-------- C:\_OTMoveIt
2008-02-01 17:36 . 2008-02-01 17:36 268 --ah----- C:\sqmdata11.sqm
2008-02-01 17:36 . 2008-02-01 17:36 244 --ah----- C:\sqmnoopt11.sqm
2008-02-01 17:08 . 2008-02-01 17:08 268 --ah----- C:\sqmdata10.sqm
2008-02-01 17:08 . 2008-02-01 17:08 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 16:43 . 2008-02-01 16:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-01 16:37 . 2008-02-01 16:37 268 --ah----- C:\sqmdata09.sqm
2008-02-01 16:37 . 2008-02-01 16:37 244 --ah----- C:\sqmnoopt09.sqm
2008-02-01 16:34 . 2008-02-01 20:17 <REP> d-------- C:\SDFix
2008-02-01 14:34 . 2008-02-01 14:34 268 --ah----- C:\sqmdata08.sqm
2008-02-01 14:34 . 2008-02-01 14:34 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 14:09 . 2008-02-01 14:09 268 --ah----- C:\sqmdata07.sqm
2008-02-01 14:09 . 2008-02-01 14:09 244 --ah----- C:\sqmnoopt07.sqm
2008-02-01 09:24 . 2008-02-01 09:24 268 --ah----- C:\sqmdata06.sqm
2008-02-01 09:24 . 2008-02-01 09:24 244 --ah----- C:\sqmnoopt06.sqm
2008-02-01 02:11 . 2008-02-01 02:11 268 --ah----- C:\sqmdata05.sqm
2008-02-01 02:11 . 2008-02-01 02:11 244 --ah----- C:\sqmnoopt05.sqm
2008-02-01 01:35 . 2008-02-01 01:35 268 --ah----- C:\sqmdata04.sqm
2008-02-01 01:35 . 2008-02-01 01:35 244 --ah----- C:\sqmnoopt04.sqm
2008-02-01 01:33 . 2008-02-01 01:33 19,952 --a------ C:\Documents and Settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-02-01 00:57 . 2008-02-01 00:57 268 --ah----- C:\sqmdata03.sqm
2008-02-01 00:57 . 2008-02-01 00:57 244 --ah----- C:\sqmnoopt03.sqm
2008-02-01 00:52 . 2008-02-01 00:55 <REP> d-------- C:\ComboFix[1]
2008-01-31 18:32 . 2008-01-31 18:32 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Grisoft
2008-01-31 18:32 . 2008-01-31 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 18:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 17:28 . 2008-01-31 17:28 <REP> d-------- C:\Program Files\Trend Micro
2008-01-31 00:07 . 2008-02-02 11:13 <REP> d-------- C:\Program Files\Lopxp
2008-01-30 22:21 . 2008-01-31 22:31 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-01-30 21:16 . 2008-01-30 21:16 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-30 17:07 . 2008-01-30 17:07 <REP> d-------- C:\Program Files\CCleaner
2008-01-29 16:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-29 16:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-29 16:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-28 17:44 . 2006-03-29 15:05 32,768 --------- C:\WINDOWS\system32\IJRMF.exe
2008-01-28 16:44 . 2008-01-28 16:44 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-01-27 14:52 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-01-27 14:52 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-01-20 14:51 . 2008-01-20 14:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-20 12:03 . 2008-01-22 09:21 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-18 22:24 . 2008-01-18 22:24 <REP> d-------- C:\Program Files\Realtek AC97
2008-01-18 22:24 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-01-18 22:24 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-18 22:24 . 2007-03-08 14:34 4,027,840 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-18 22:24 . 2006-11-17 05:42 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-18 22:24 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-18 22:24 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-18 22:24 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-18 22:24 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-18 19:40 . 2007-06-07 14:02 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-18 19:40 . 2007-06-07 12:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-14 18:32 . 2008-02-04 22:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 18:32 . 2008-01-14 18:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 21:31 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-01-29 22:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-28 17:09 --------- d-----w C:\Program Files\eMule
2008-01-27 20:50 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-27 14:36 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-18 21:54 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-18 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 18:02 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-14 17:58 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-01-14 17:49 --------- d-----w C:\Program Files\Videora
2008-01-14 17:43 --------- d-----w C:\Program Files\BitComet
2008-01-14 17:40 --------- d-----w C:\Program Files\IncrediMail
2008-01-03 17:09 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-03 17:08 --------- d-----w C:\Program Files\AVSMedia
2007-12-28 19:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-28 19:13 --------- d-----w C:\Program Files\Windows Live
2007-12-28 19:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-19 21:08 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Gestion Commerciale
2007-12-18 22:00 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Comptabilité
2007-12-13 18:05 --------- d-----w C:\Program Files\Sony
2007-12-13 18:05 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2007-12-13 18:05 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-13 18:01 --------- d-----w C:\Program Files\Common Files
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-01-12 13:23 3,956,736 ----a-w C:\Program Files\FoxitReader.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 20:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 20:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 20:49 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 NVSvcMSDTC;NVIDIA Display Driver Service NVSvcMSDTC;C:\WINDOWS\system32\alsndmgrj.exe srv []
S2 SwPrvAudioSrv;MS Software Shadow Copy Provider SwPrvAudioSrv;C:\WINDOWS\system32\alsndmgrx.exe srv []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-01 18:52:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 22:12:01
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-04 22:15:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 21:15:27
ComboFix2.txt 2008-02-04 20:47:58
ComboFix3.txt 2008-02-03 00:19:51
ComboFix4.txt 2008-02-02 10:42:18
ComboFix5.txt 2008-02-01 16:16:00
.
2008-01-10 02:02:03 --- E O F ---

ComboFix 08-02.02.5 - Amélie 2008-02-04 22:30:00.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.588 [GMT 1:00]
Endroit: C:\Documents and Settings\Amélie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amélie\Bureau\22h27\CFScript.txt.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\WINDOWS\system32\alsndmgrx.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 21:30 . 2008-02-01 21:30 <REP> d-------- C:\Documents and Settings\Amélie\Application Data\Grisoft
2008-02-01 18:54 . 2008-02-01 19:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-01 18:46 . 2008-02-01 18:48 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-01 18:44 . 2008-02-01 18:49 <REP> d-------- C:\Program Files\BitDefender
2008-02-01 18:43 . 2008-02-01 18:49 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-02-01 17:36 . 2008-02-01 17:36 <REP> d-------- C:\_OTMoveIt
2008-02-01 17:36 . 2008-02-01 17:36 268 --ah----- C:\sqmdata11.sqm
2008-02-01 17:36 . 2008-02-01 17:36 244 --ah----- C:\sqmnoopt11.sqm
2008-02-01 17:08 . 2008-02-01 17:08 268 --ah----- C:\sqmdata10.sqm
2008-02-01 17:08 . 2008-02-01 17:08 244 --ah----- C:\sqmnoopt10.sqm
2008-02-01 16:43 . 2008-02-01 16:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-01 16:37 . 2008-02-01 16:37 268 --ah----- C:\sqmdata09.sqm
2008-02-01 16:37 . 2008-02-01 16:37 244 --ah----- C:\sqmnoopt09.sqm
2008-02-01 16:34 . 2008-02-01 20:17 <REP> d-------- C:\SDFix
2008-02-01 14:34 . 2008-02-01 14:34 268 --ah----- C:\sqmdata08.sqm
2008-02-01 14:34 . 2008-02-01 14:34 244 --ah----- C:\sqmnoopt08.sqm
2008-02-01 14:09 . 2008-02-01 14:09 268 --ah----- C:\sqmdata07.sqm
2008-02-01 14:09 . 2008-02-01 14:09 244 --ah----- C:\sqmnoopt07.sqm
2008-02-01 09:24 . 2008-02-01 09:24 268 --ah----- C:\sqmdata06.sqm
2008-02-01 09:24 . 2008-02-01 09:24 244 --ah----- C:\sqmnoopt06.sqm
2008-02-01 02:11 . 2008-02-01 02:11 268 --ah----- C:\sqmdata05.sqm
2008-02-01 02:11 . 2008-02-01 02:11 244 --ah----- C:\sqmnoopt05.sqm
2008-02-01 01:35 . 2008-02-01 01:35 268 --ah----- C:\sqmdata04.sqm
2008-02-01 01:35 . 2008-02-01 01:35 244 --ah----- C:\sqmnoopt04.sqm
2008-02-01 01:33 . 2008-02-01 01:33 19,952 --a------ C:\Documents and Settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-02-01 00:57 . 2008-02-01 00:57 268 --ah----- C:\sqmdata03.sqm
2008-02-01 00:57 . 2008-02-01 00:57 244 --ah----- C:\sqmnoopt03.sqm
2008-02-01 00:52 . 2008-02-01 00:55 <REP> d-------- C:\ComboFix[1]
2008-01-31 18:32 . 2008-01-31 18:32 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Grisoft
2008-01-31 18:32 . 2008-01-31 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 18:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 17:28 . 2008-01-31 17:28 <REP> d-------- C:\Program Files\Trend Micro
2008-01-31 00:07 . 2008-02-02 11:13 <REP> d-------- C:\Program Files\Lopxp
2008-01-30 22:21 . 2008-01-31 22:31 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-01-30 21:16 . 2008-01-30 21:16 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-30 17:07 . 2008-01-30 17:07 <REP> d-------- C:\Program Files\CCleaner
2008-01-29 16:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-29 16:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-29 16:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-28 17:44 . 2006-03-29 15:05 32,768 --------- C:\WINDOWS\system32\IJRMF.exe
2008-01-28 16:44 . 2008-01-28 16:44 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-01-27 14:53 . 2008-01-27 14:53 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Search Settings
2008-01-27 14:52 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-01-27 14:52 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-01-27 14:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-01-21 22:09 . 2008-01-21 22:09 <REP> d-------- C:\Documents and Settings\Amélie\Application Data\MSNInstaller
2008-01-20 14:51 . 2008-01-20 14:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-20 12:03 . 2008-01-22 09:21 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-18 22:24 . 2008-01-18 22:24 <REP> d-------- C:\Program Files\Realtek AC97
2008-01-18 22:24 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-01-18 22:24 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-18 22:24 . 2007-03-08 14:34 4,027,840 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-18 22:24 . 2006-11-17 05:42 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-18 22:24 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-18 22:24 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-18 22:24 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-18 22:24 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-18 19:40 . 2007-06-07 14:02 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-01-18 19:40 . 2007-06-07 12:25 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-01-18 19:40 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-01-14 18:32 . 2008-02-04 22:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 18:32 . 2008-01-14 18:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression
2008-01-14 18:02 . 2007-06-07 14:02 <REP> d--h----- C:\Documents and Settings\Invité\Modèles
2008-01-14 18:02 . 2007-06-07 14:02 <REP> d--h----- C:\Documents and Settings\Invité\Modèles
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Mes documents
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Mes documents
2008-01-14 18:02 . 2007-06-07 12:25 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer
2008-01-14 18:02 . 2007-06-07 12:25 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Favoris
2008-01-14 18:02 . 2008-01-14 18:03 <REP> dr------- C:\Documents and Settings\Invité\Favoris
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Invité\Bureau
2008-01-14 18:02 . 2007-06-07 12:25 <REP> d-------- C:\Documents and Settings\Invité\Bureau
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 22:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-28 17:09 --------- d-----w C:\Program Files\eMule
2008-01-27 20:50 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-27 14:36 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-18 21:54 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-18 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 20:49 --------- d-----w C:\Documents and Settings\Amélie\Application Data\ford this default
2008-01-14 18:02 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-14 17:58 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-01-14 17:49 --------- d-----w C:\Program Files\Videora
2008-01-14 17:43 --------- d-----w C:\Program Files\BitComet
2008-01-14 17:40 --------- d-----w C:\Program Files\IncrediMail
2008-01-03 17:09 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-03 17:08 --------- d-----w C:\Program Files\AVSMedia
2007-12-28 19:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-28 19:13 --------- d-----w C:\Program Files\Windows Live
2007-12-28 19:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-19 21:08 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Gestion Commerciale
2007-12-18 22:00 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Comptabilité
2007-12-16 17:32 21,920 ----a-w C:\Documents and Settings\Amélie\Application Data\GDIPFONTCACHEV1.DAT
2007-12-13 18:05 --------- d-----w C:\Program Files\Sony
2007-12-13 18:05 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared
2007-12-13 18:05 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-13 18:01 --------- d-----w C:\Program Files\Common Files
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-01-12 13:23 3,956,736 ----a-w C:\Program Files\FoxitReader.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 20:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 20:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 20:49 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\w3dbsmgr.exe [2004-11-26 18:31:32 106546]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S2 NVSvcMSDTC;NVIDIA Display Driver Service NVSvcMSDTC;C:\WINDOWS\system32\alsndmgrj.exe srv []
S2 SwPrvAudioSrv;MS Software Shadow Copy Provider SwPrvAudioSrv;C:\WINDOWS\system32\alsndmgrx.exe srv []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-01 18:52:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 22:34:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-04 22:36:19
ComboFix-quarantined-files.txt 2008-02-04 21:36:11
ComboFix2.txt 2008-02-04 21:15:38
ComboFix3.txt 2008-02-04 20:47:58
ComboFix4.txt 2008-02-03 00:19:51
ComboFix5.txt 2008-02-02 10:42:18
.
2008-01-10 02:02:03 --- E O F ---

analyse rapide faite :

pas de virus détecté

alors j'ai fais une analyse complete :

cas particulier une fenetre est apparue a partir de ce fichier :

C:\Documents and Settings\Amélie\Application Data\ford this default\wubykeqt.exe
infecté par Trojan.Inject.573 .... desinfecté?

j'ai fais ....... non pour tout


C.bat;C:\ComboFix[1];Probablement BATCH.Virus;Quarantaine.;
psexec.cfexe;C:\ComboFix[1];Program.PsExec.171;Quarantaine.;
Process.exe;C:\Documents and Settings\Amélie\Bureau\sdfix14h49\SDFix\apps;Tool.Prockill;Quarantaine.;
Process.exe;C:\Documents and Settings\utilisateur\Bureau\virus310108\MSNFix\MSNFix\incl;Tool.Prockill;Quarantaine.;
superfindout.dll.vir;C:\QooBox\Quarantine\C\Program Files\Helper;Trojan.BhoBot;Quarantaine.;
DefLib.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.NtRootKit.312;Quarantaine.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Quarantaine.;
A0033991.dll;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP208;Trojan.BhoBot;Quarantaine.;
A0034001.dll;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP208;Trojan.BhoBot;Quarantaine.;
A0034026.dll;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP208;Trojan.BhoBot;Quarantaine.;
A0034275.dll;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP217;Trojan.BhoBot;Quarantaine.;
A0038562.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP223;Trojan.Stars.184;Quarantaine.;
A0039805.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP225;Tool.Prockill;Quarantaine.;
A0039872.dll;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP226;Trojan.BhoBot;Quarantaine.;
A0039903.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP226;Probablement BATCH.Virus;Quarantaine.;
A0039963.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP226;Probablement BATCH.Virus;Quarantaine.;
A0040021.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP226;Probablement BATCH.Virus;Quarantaine.;
A0040072.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP227;Probablement BATCH.Virus;Quarantaine.;
A0040185.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP227;Probablement BATCH.Virus;Quarantaine.;
A0040793.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Probablement BATCH.Virus;Quarantaine.;
A0040835.sys;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.NtRootKit.312;Quarantaine.;
A0040860.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Probablement BATCH.Virus;Quarantaine.;
A0040904.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0040922.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0040958.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0040975.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0041040.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0041079.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0041084.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0041197.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Trojan.Packed.155;Quarantaine.;
A0041246.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP229;Tool.Prockill;Quarantaine.;
A0041378.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP230;Probablement BATCH.Virus;Quarantaine.;
A0041531.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP231;Probablement BATCH.Virus;Quarantaine.;
A0041594.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP232;Probablement BATCH.Virus;Quarantaine.;
A0041643.bat;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP233;Probablement BATCH.Virus;Quarantaine.;
A0041693.exe;C:\System Volume Information\_restore{7EA0A1BF-4602-48A4-A189-DBE351C23264}\RP233;Trojan.Inject.573;Quarantaine.;

merci
a+