Virus 2fiy

re..


Merci pour ta reponse ,voilà les rapports


info.txt logfile of random's system information tool 1.05 2009-03-03 10:25:53

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Allah Remembrance Screen Saver-->C:\WINDOWS\system32\RemoveScr.exe Allah Remembrance
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AutoSketch-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Autodesk\AutoSketch\DeIsL1.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Guide de référence LQ590 LQ2090-->C:\Program Files\EPSON\TPMANUAL\LQ590 LQ2090\REF_G\DOCUNINS.EXE
HijackThis 2.0.2-->"I:\MAMOUD (H)\monjack\HijackThis.exe" /uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Encarta 2007 - Collection-->MsiExec.exe /I{07180000-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{CC1DB186-550F-3CFE-A2A9-EBA5E5A34BC1}
Mjuice Components-->"C:\Program Files\MJuice Media Player\MJUninst.exe"
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recuva (remove only)-->"E:\Program Files\Recuva\uninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Systran Professional Premium 4.0-->C:\WINDOWS\unvise32.exe C:\Program Files\Systran\4_0\Premium\uninstal.log
Telecatalog 2005-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C0FFFE-BD5A-4368-8C08-44041D6E83B6}\setup.exe" Add_Remove prog
Total Video Converter 3.02-->"C:\Program Files\Total Video Converter\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0326-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [E07FDXRC_4464437] "" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.org/downloads/FontDown.cab
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKCU\..\Run: [E07FDXRC_13771750] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" -m
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
R3 - Default URLSearchHook is missing

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (outdated)

System event log

Computer Name: RI-8FE4E3DEDF50
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20081214134339.000000+060
Event Type: information
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20081214134339.000000+060
Event Type: information
User: AUTORITE NT\SYSTEM

Computer Name: RI-8FE4E3DEDF50
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20081214134339.000000+060
Event Type: information
User: AUTORITE NT\SYSTEM

Computer Name: RI-8FE4E3DEDF50
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20081214134334.000000+060
Event Type: information
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20081214134334.000000+060
Event Type: information
User:

Application event log

Computer Name: RI-8FE4E3DEDF50
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur RI-8FE4E3DEDF50\rza alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 1261
Source Name: Userenv
Time Written: 20080607154247.000000+120
Event Type: warning
User: AUTORITE NT\SYSTEM

Computer Name: RI-8FE4E3DEDF50
Event Code: 5000
Message: EventType clr20r3, P1 encarta.exe, P2 16.0.4026.610, P3 448a7867, P4 mscorlib, P5 2.0.0.0, P6 4333ab80, P7 180, P8 190, P9 system.io.filenotfoundexception, P10 NIL.

Record Number: 1260
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20080607150552.000000+120
Event Type: error
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 5000
Message: EventType clr20r3, P1 encarta.exe, P2 16.0.4026.610, P3 448a7867, P4 mscorlib, P5 2.0.0.0, P6 4333ab80, P7 180, P8 190, P9 system.io.filenotfoundexception, P10 NIL.

Record Number: 1259
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20080607135529.000000+120
Event Type: error
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 5000
Message: EventType clr20r3, P1 encarta.exe, P2 16.0.4026.610, P3 448a7867, P4 mscorlib, P5 2.0.0.0, P6 4333ab80, P7 180, P8 190, P9 system.io.filenotfoundexception, P10 NIL.

Record Number: 1258
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20080607111050.000000+120
Event Type: error
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 101
Message: wuauclt (2852) Le moteur de base de données est arrêté.

Record Number: 1257
Source Name: ESENT
Time Written: 20080607082020.000000+120
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

salut ,


je ne peux pas faire ça actuellement , par ce que c'est l'ordi de mon bureau qui ya ce problème ,


merci ,

re..


wé j'utilise ma clé usb , d'ailleurs j'ai telechargé hier des fichiers et je les enregistré dans mon pc de domicile,

donc c'est possible qu'il est infecté ??


qu'est ce tu me conseil à faire ?

MERCI


@+++

re..

voilà les deux rapports rsit ,



Logfile of random's system information tool 1.05 (written by random/random)
Run by Brahim at 2009-03-11 20:43:36
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 11 GB (54%) free of 20 GB
Total RAM: 447 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:38, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE
E:\prhyper.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Documents and Settings\Brahim\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brahim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\winfiles.exe
O4 - HKCU\..\Run: [E07FDXRC_5940625] "E:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" -m
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] E:\prhyper.exe
O4 - HKUS\S-1-5-21-329068152-573735546-299502267-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Mamoud')
O4 - HKUS\S-1-5-21-329068152-573735546-299502267-1003\..\Run: [Le Petit Robert Hyperappel] E:\prhyper.exe (User 'Mamoud')
O4 - HKUS\S-1-5-21-329068152-573735546-299502267-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Mamoud')
O4 - HKUS\S-1-5-21-329068152-573735546-299502267-1003\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background (User 'Mamoud')
O4 - HKUS\S-1-5-21-329068152-573735546-299502267-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mamoud')
O4 - HKUS\S-1-5-21-329068152-573735546-299502267-1003\..\Run: [E07FDXRC_28209203] "E:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" -m (User 'Mamoud')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-21-329068152-573735546-299502267-1003 Startup: SparkAngels.lnk = ? (User 'Mamoud')
O4 - S-1-5-21-329068152-573735546-299502267-1003 User Startup: SparkAngels.lnk = ? (User 'Mamoud')
O4 - S-1-5-18 Startup: SparkAngels.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: SparkAngels.lnk = ? (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

bonjour


d'acc merci

re


ce travail c'est pour le pc du taff ??

re

tous les lien que tu m'as donne ne marchent pas , je les juste essayais

@+++

re


ok , je dois telecharger tout ça dans ma cle usb par ce que j'ai pas d'internet au bureau


@+++

bonjour ;


voilà le rapport de combofix ,


ComboFix 09-03-10.03 - rza 2009-03-14 9:21:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.959.635 [GMT 1:00]
Running from: c:\documents and settings\rza\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\rza\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\2fiy.bat
C:\RECYCLER
C:\TB.txt
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\winfiles.exe
H:\2fiy.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2fiy.bat
C:\autorun.inf
c:\documents and settings\mamoud\Application Data\ezpinst.log
c:\documents and settings\rza\Application Data\ezpinst.log
c:\documents and settings\rza\Mes documents\mam09\ali\Ramzi Soft\_install.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\2fiy.bat
D:\Autorun.inf
E:\2fiy.bat
E:\Autorun.inf
E:\install.exe
F:\2fiy.bat
F:\Autorun.inf
H:\2fiy.bat
H:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-11 11:00 . 2009-03-11 11:00 <REP> d-------- c:\program files\trend micro
2009-03-10 08:50 . 2009-03-10 08:50 <REP> d-------- c:\program files\Java
2009-03-10 08:50 . 2009-03-10 08:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-10 08:50 . 2009-03-10 08:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-07 10:23 . 2009-03-07 10:23 <REP> d-------- c:\documents and settings\rza\Application Data\Thinstall
2009-03-07 10:22 . 2009-03-08 08:08 <REP> d-------- c:\windows\SxsCaPendDel
2009-03-07 08:31 . 2009-03-07 08:31 <REP> d-------- C:\dalel v1
2009-03-03 10:25 . 2009-03-14 09:07 <REP> d-------- C:\rsit
2009-02-17 10:54 . 2009-02-28 09:47 <REP> d-------- c:\windows\ERUNT
2009-02-17 10:54 . 2009-02-17 10:59 <REP> d-------- C:\Backups
2009-02-16 08:43 . 2009-02-16 09:33 <REP> d---s---- c:\documents and settings\Administrateur\Historique
2009-02-16 08:43 . 2007-05-23 01:12 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-02-16 08:43 . 2007-05-23 01:12 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-02-16 08:43 . 2009-02-16 08:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-02-16 08:42 . 2007-05-23 01:12 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-16 08:42 . 2007-05-23 01:12 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-16 08:42 . 2007-05-22 23:18 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-16 08:42 . 2009-02-16 09:33 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-02-16 08:42 . 2007-05-23 01:12 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-16 08:42 . 2009-02-16 08:43 <REP> d-------- c:\documents and settings\Administrateur
2009-02-16 08:40 . 2009-02-16 08:40 <REP> d-------- c:\documents and settings\rza\Application Data\Malwarebytes
2009-02-16 08:34 . 2009-02-16 08:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 08:34 . 2009-02-16 08:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 08:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 08:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 07:51 --------- d-----w c:\program files\Yahoo!
2009-03-07 09:22 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-28 08:17 --------- d-----w c:\program files\CCleaner
2009-01-31 13:40 --------- d-----w c:\program files\Elbashaar
.

------- Sigcheck -------

2004-08-18 08:09 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"E07FDXRC_1355250"="c:\program files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" [2006-06-13 351000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2001-04-30 10752]
"Athan"="c:\program files\Athan\Athan.exe" [2005-09-12 937984]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-07-10 c:\windows\system32\VTTrayp.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\rza\Menu D‚marrer\Programmes\D‚marrage\
SunClock5.lnk - c:\documents and settings\rza\Application Data\Map Maker\MMManager.exe [2008-01-20 95744]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-01-20 131584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\mamoud\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-05-23 17920]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.elebda3.net/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 09:22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-14 9:23:01
ComboFix-quarantined-files.txt 2009-03-14 08:22:59

Pre-Run: 15,030,415,360 octets libres
Post-Run: 15,031,132,160 octets libres

132


@+++