Salut ,


j'ai oublier de dire qu'il y a un tiret en haut de l'ecran à gauche qui clignote ,


@+++

Salut,


voilà l'histoire comment c'est passé pour mon pc ,

Ce matin à la rentre de mon bureau , j'ai allumer le pc , il a démarrer comme d'habitude normal bien , ensuite j'ai placé une clé usb d'un collègue , avant de l'ouvrir je l'ai analysé avec RAV il a détecte des virus et il les a supprimes , ensuite j'ai arrêter l'analyse et j'ai ouvert la cle usb , hop déja le fichier qu'on voulait ouvrir il a mit du temps pour s'ouvrir , enfin j'ai fermer tout et j'ai enlevé la cle usb et j'ai redémarrer le pc là qui commença le problème , après le bip il s'étteind et un tiret en haut de l'écran clignote ,

Maintenant je veux bien que tu m'aide pour régler ce problème et j'aimerai éviter le formatage j'ai des fichiers très important dedans , et je te remercie


non je ne peux pas démarrer en mode sans échec

@+++

Re..


non je ne peux pas acceder au bios par ce que juste au première lignes de bios il s'éteint

oui j'ai le CD d'installation , d'acc je vais essayé de faire une réparation de windows ,

le fichier qu'on a telecharger c'est l'autosketch un logiciel de dessin

@+++

Re..




ComboFix 09-03-29.04 - rza 2009-03-30 14:31:05.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.959.624 [GMT 2:00]
Lancé depuis: c:\documents and settings\rza\Bureau\moi.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\em8tqm.cmd
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\em8tqm.cmd
E:\em8tqm.cmd
F:\em8tqm.cmd
J:\em8tqm.cmd
J:\log.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-30 13:09 . 2009-03-30 13:09 <REP> d--hs---- c:\windows\system32\f
2009-03-30 13:09 . 2009-03-30 13:09 <REP> d--hs---- c:\windows\system32\bycool1
2009-03-30 13:09 . 2009-03-30 14:24 <REP> d--hs---- c:\windows\system32\bycool
2009-03-30 09:41 . 2009-03-30 09:41 <REP> d-------- C:\rsit
2009-03-29 15:05 . 2002-09-07 02:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-03-29 15:04 . 2002-09-07 02:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-03-29 15:03 . 2004-08-04 06:54 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-28 08:59 . 2009-03-29 14:58 <REP> d-------- c:\program files\Folder Lock
2009-03-28 08:59 . 2002-12-25 10:44 380,928 --a------ c:\windows\system32\vaultskn.ocx
2009-03-28 08:59 . 2005-04-11 17:40 73,728 --a------ c:\windows\system32\FLKill.exe
2009-03-28 08:59 . 1999-04-23 23:22 20,992 --a------ c:\windows\system32\hhopen.ocx
2009-03-28 08:59 . 2009-03-29 09:00 256 --a------ C:\sccfg.sys
2009-03-28 08:57 . 2009-03-28 08:59 <REP> d-------- c:\program files\Google
2009-03-24 16:11 . 2009-03-24 16:11 <REP> d---s---- c:\documents and settings\NetworkService\Historique
2009-03-23 16:09 . 1996-01-24 12:27 244,496 --a------ c:\windows\system32\vbar2232.dll
2009-03-23 16:09 . 1999-08-16 23:22 240,944 --a------ c:\windows\system32\Riched.dll
2009-03-23 16:09 . 1998-06-24 01:00 198,456 --a------ c:\windows\system32\Mci32.ocx
2009-03-23 16:09 . 1998-06-24 01:00 164,144 --a------ c:\windows\system32\Comct232.ocx
2009-03-23 16:09 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\Msmapi32.ocx
2009-03-23 16:09 . 1998-06-18 01:00 89,360 --a------ c:\windows\system32\Vb5db.dll
2009-03-23 16:09 . 1997-09-17 18:23 29,696 --a------ c:\windows\system32\Vb5stkit.dll
2009-03-23 16:09 . 1998-05-07 01:00 111 --a------ c:\windows\system32\Richtext.srg
2009-03-23 16:08 . 2009-03-23 16:09 <REP> d-------- c:\windows\SPEECH
2009-03-23 16:08 . 2009-03-23 16:08 <REP> d-------- c:\windows\lhsp
2009-03-23 16:08 . 1998-06-24 01:00 525,352 --a------ c:\windows\system32\DBGRID32.OCX
2009-03-23 16:08 . 2004-11-07 05:28 389,120 --a------ c:\windows\system32\actskn43.ocx
2009-03-23 16:06 . 2009-03-23 16:08 <REP> d-------- c:\program files\ANHAR EL ARAB
2009-03-14 14:33 . 2009-03-25 09:34 157 --a------ C:\home.htm
2009-03-11 12:00 . 2009-03-11 12:00 <REP> d-------- c:\program files\trend micro
2009-03-10 09:50 . 2009-03-10 09:50 <REP> d-------- c:\program files\Java
2009-03-10 09:50 . 2009-03-10 09:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-10 09:50 . 2009-03-10 09:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-07 11:23 . 2009-03-07 11:23 <REP> d-------- c:\documents and settings\rza\Application Data\Thinstall
2009-03-07 11:22 . 2009-03-08 09:08 <REP> d-------- c:\windows\SxsCaPendDel
2009-03-07 09:31 . 2009-03-07 09:31 <REP> d-------- C:\dalel v1
2009-02-17 11:54 . 2009-02-28 10:47 <REP> d-------- c:\windows\ERUNT
2009-02-17 11:54 . 2009-02-17 11:59 <REP> d-------- C:\Backups
2009-02-16 09:43 . 2009-02-16 10:33 <REP> d---s---- c:\documents and settings\Administrateur\Historique
2009-02-16 09:43 . 2007-05-23 02:12 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-02-16 09:43 . 2007-05-23 02:12 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-02-16 09:43 . 2009-02-16 09:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-02-16 09:42 . 2007-05-23 02:12 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-16 09:42 . 2007-05-23 02:12 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-16 09:42 . 2007-05-23 00:18 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-16 09:42 . 2009-02-16 10:33 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-02-16 09:42 . 2007-05-23 02:12 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-16 09:42 . 2009-02-16 09:43 <REP> d-------- c:\documents and settings\Administrateur
2009-02-16 09:40 . 2009-02-16 09:40 <REP> d-------- c:\documents and settings\rza\Application Data\Malwarebytes
2009-02-16 09:34 . 2009-02-16 09:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 09:34 . 2009-02-16 09:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 09:34 . 2008-12-03 20:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 09:34 . 2008-12-03 20:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 14:15 94,208 ----a-w c:\windows\system32\ScrUnZip.dll
2009-03-23 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-10 07:51 --------- d-----w c:\program files\Yahoo!
2009-03-07 09:22 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-28 08:17 --------- d-----w c:\program files\CCleaner
2009-01-31 13:40 --------- d-----w c:\program files\Elbashaar
2004-08-03 22:54 168,509 --sha-r c:\windows\system32\fraai.dll
2008-08-13 11:58 1,393,777 --sha-r c:\windows\system32\bycool1\windo.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"E07FDXRC_1355250"="c:\program files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" [2006-06-13 351000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2001-04-30 10752]
"Athan"="c:\program files\Athan\Athan.exe" [2005-09-12 937984]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"DRIVESYS1"="c:\windows\System32\bycool1\windo.exe" [2008-08-13 1393777]
"DRIVESYS"="c:\windows\System32\bycool\winacces.exe" [2008-08-13 1133622]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-07-10 c:\windows\system32\VTTrayp.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\rza\Menu D‚marrer\Programmes\D‚marrage\
SunClock5.lnk - c:\documents and settings\rza\Application Data\Map Maker\MMManager.exe [2008-01-20 95744]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-01-20 131584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\mamoud\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3970:TCP"= 3970:TCP:locar

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-05-23 17920]
S2 angzxq;suduc;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e45f991-ffec-11dd-aa26-00192129faf6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - I:\log.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b367b8a-c36c-11dd-a9d2-00192129faf6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - H:\log.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb784f20-1922-11de-aa57-00192129faf6}]
\Shell\AutoRun\command - H:\em8tqm.cmd
\Shell\open\Command - H:\em8tqm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0cfe4fc-0ebb-11dd-a8eb-00192129faf6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - H:\log.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.elebda3.net/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 14:36:15
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\angzxq]
"ServiceDll"="c:\windows\system32\fraai.dll"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Teleca Shared\CapabilityManager.exe
c:\windows\system32\bycool\myapp.exe
c:\program files\Fichiers communs\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Heure de fin: 2009-03-30 14:37:25 - La machine a redémarré [rza]
ComboFix-quarantined-files.txt 2009-03-30 12:37:23

Avant-CF: 14 865 260 544 octets libres
Après-CF: 14,878,662,656 octets libres

184



merci ,

@+++



ps: la Console de récupération Microsoft Windows n'est pas installée et sa demmande une connexion internet donc se n'est pas possible de l'installer

Re


d'acc pour demain ,


@+++

Bonjour,


voilà le rapport de comboFix


ComboFix 09-03-29.04 - rza 2009-03-31 11:30:34.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.959.624 [GMT 2:00]
Lancé depuis: c:\documents and settings\rza\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\rza\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\sccfg.sys
c:\windows\system32\actskn43.ocx
c:\windows\system32\bycool
c:\windows\system32\bycool1
c:\windows\system32\f
c:\windows\system32\FLKill.exe
c:\windows\system32\vaultskn.ocx
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sccfg.sys
c:\windows\system32\actskn43.ocx
c:\windows\system32\FLKill.exe
c:\windows\system32\vaultskn.ocx
J:\log.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))
.

2009-03-30 14:29 . 2009-03-30 14:37 <REP> d-------- C:\moi
2009-03-30 13:09 . 2009-03-30 13:09 <REP> d--hs---- c:\windows\system32\f
2009-03-30 13:09 . 2009-03-30 13:09 <REP> d--hs---- c:\windows\system32\bycool1
2009-03-30 13:09 . 2009-03-30 14:24 <REP> d--hs---- c:\windows\system32\bycool
2009-03-30 09:41 . 2009-03-30 09:41 <REP> d-------- C:\rsit
2009-03-29 15:05 . 2002-09-07 02:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-03-29 15:04 . 2002-09-07 02:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-03-29 15:03 . 2004-08-04 06:54 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-29 15:02 . 2009-03-29 15:02 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-28 08:59 . 2009-03-29 14:58 <REP> d-------- c:\program files\Folder Lock
2009-03-28 08:59 . 1999-04-23 23:22 20,992 --a------ c:\windows\system32\hhopen.ocx
2009-03-28 08:57 . 2009-03-28 08:59 <REP> d-------- c:\program files\Google
2009-03-24 16:11 . 2009-03-24 16:11 <REP> d---s---- c:\documents and settings\NetworkService\Historique
2009-03-23 16:09 . 1996-01-24 12:27 244,496 --a------ c:\windows\system32\vbar2232.dll
2009-03-23 16:09 . 1999-08-16 23:22 240,944 --a------ c:\windows\system32\Riched.dll
2009-03-23 16:09 . 1998-06-24 01:00 198,456 --a------ c:\windows\system32\Mci32.ocx
2009-03-23 16:09 . 1998-06-24 01:00 164,144 --a------ c:\windows\system32\Comct232.ocx
2009-03-23 16:09 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\Msmapi32.ocx
2009-03-23 16:09 . 1998-06-18 01:00 89,360 --a------ c:\windows\system32\Vb5db.dll
2009-03-23 16:09 . 1997-09-17 18:23 29,696 --a------ c:\windows\system32\Vb5stkit.dll
2009-03-23 16:09 . 1998-05-07 01:00 111 --a------ c:\windows\system32\Richtext.srg
2009-03-23 16:08 . 2009-03-23 16:09 <REP> d-------- c:\windows\SPEECH
2009-03-23 16:08 . 2009-03-23 16:08 <REP> d-------- c:\windows\lhsp
2009-03-23 16:08 . 1998-06-24 01:00 525,352 --a------ c:\windows\system32\DBGRID32.OCX
2009-03-23 16:06 . 2009-03-23 16:08 <REP> d-------- c:\program files\ANHAR EL ARAB
2009-03-14 14:33 . 2009-03-25 09:34 157 --a------ C:\home.htm
2009-03-11 12:00 . 2009-03-11 12:00 <REP> d-------- c:\program files\trend micro
2009-03-10 09:50 . 2009-03-10 09:50 <REP> d-------- c:\program files\Java
2009-03-10 09:50 . 2009-03-10 09:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-10 09:50 . 2009-03-10 09:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-07 11:23 . 2009-03-07 11:23 <REP> d-------- c:\documents and settings\rza\Application Data\Thinstall
2009-03-07 11:22 . 2009-03-08 09:08 <REP> d-------- c:\windows\SxsCaPendDel
2009-03-07 09:31 . 2009-03-07 09:31 <REP> d-------- C:\dalel v1
2009-02-17 11:54 . 2009-02-28 10:47 <REP> d-------- c:\windows\ERUNT
2009-02-17 11:54 . 2009-02-17 11:59 <REP> d-------- C:\Backups
2009-02-16 09:43 . 2009-02-16 10:33 <REP> d---s---- c:\documents and settings\Administrateur\Historique
2009-02-16 09:43 . 2007-05-23 02:12 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-02-16 09:43 . 2007-05-23 02:12 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-02-16 09:43 . 2009-02-16 09:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-02-16 09:42 . 2007-05-23 02:12 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-16 09:42 . 2007-05-23 02:12 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-16 09:42 . 2007-05-23 00:18 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-16 09:42 . 2009-02-16 10:33 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-02-16 09:42 . 2007-05-23 02:12 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-16 09:42 . 2009-02-16 09:43 <REP> d-------- c:\documents and settings\Administrateur
2009-02-16 09:40 . 2009-02-16 09:40 <REP> d-------- c:\documents and settings\rza\Application Data\Malwarebytes
2009-02-16 09:34 . 2009-02-16 09:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 09:34 . 2009-02-16 09:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 09:34 . 2008-12-03 20:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 09:34 . 2008-12-03 20:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 14:15 94,208 ----a-w c:\windows\system32\ScrUnZip.dll
2009-03-23 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-10 07:51 --------- d-----w c:\program files\Yahoo!
2009-03-07 09:22 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-28 08:17 --------- d-----w c:\program files\CCleaner
2009-01-31 13:40 --------- d-----w c:\program files\Elbashaar
2004-08-03 22:54 168,509 --sha-r c:\windows\system32\fraai.dll
2008-08-13 11:58 1,393,777 --sha-r c:\windows\system32\bycool1\windo.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-30_14.36.49.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-31 09:34:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_688.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"E07FDXRC_1355250"="c:\program files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" [2006-06-13 351000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2001-04-30 10752]
"Athan"="c:\program files\Athan\Athan.exe" [2005-09-12 937984]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"DRIVESYS1"="c:\windows\System32\bycool1\windo.exe" [2008-08-13 1393777]
"DRIVESYS"="c:\windows\System32\bycool\winacces.exe" [2008-08-13 1133622]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-07-10 c:\windows\system32\VTTrayp.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\rza\Menu D‚marrer\Programmes\D‚marrage\
SunClock5.lnk - c:\documents and settings\rza\Application Data\Map Maker\MMManager.exe [2008-01-20 95744]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-01-20 131584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\mamoud\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3970:TCP"= 3970:TCP:locar

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-05-23 17920]
S2 angzxq;suduc;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e45f991-ffec-11dd-aa26-00192129faf6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - I:\log.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b367b8a-c36c-11dd-a9d2-00192129faf6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - H:\log.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb784f20-1922-11de-aa57-00192129faf6}]
\Shell\AutoRun\command - H:\em8tqm.cmd
\Shell\open\Command - H:\em8tqm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0cfe4fc-0ebb-11dd-a8eb-00192129faf6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - H:\log.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.elebda3.net/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 11:35:35
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\angzxq]
"ServiceDll"="c:\windows\system32\fraai.dll"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Teleca Shared\CapabilityManager.exe
c:\windows\system32\bycool\myapp.exe
c:\program files\Fichiers communs\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Heure de fin: 2009-03-31 11:36:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-31 09:36:37
ComboFix2.txt 2009-03-30 12:37:26

Avant-CF: 14 863 392 768 octets libres
Après-CF: 14,848,196,608 octets libres

190


@+++

Re..




========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\f\d\e\d\h\rza_31_03_2009_11_35_03 moved successfully.
c:\windows\system32\f\d\e\d\h\rza_31_03_2009_07_51_41 moved successfully.
c:\windows\system32\f\d\e\d\h\rza_30_03_2009_14_35_51 moved successfully.
c:\windows\system32\f\d\e\d\h\rza_30_03_2009_13_09_06 moved successfully.
c:\windows\system32\f\d\e\d\h moved successfully.
c:\windows\system32\f\d\e\d moved successfully.
c:\windows\system32\f\d\e moved successfully.
c:\windows\system32\f\d moved successfully.
c:\windows\system32\f moved successfully.
c:\windows\system32\bycool1 moved successfully.
Folder move failed. c:\windows\system32\bycool scheduled to be moved on reboot.
File/Folder I:\log.exe not found.
File/Folder H:\log.exe not found.
File/Folder H:\em8tqm.cmd not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run\\DRIVESYS1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run\\DRIVESYS deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run\\RTHDCPL deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\­explorer\mountpoints2\{1e45f991-ffec-11dd-aa26-00192129faf6}­\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\­explorer\mountpoints2\{9b367b8a-c36c-11dd-a9d2-00192129faf6}­\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\­explorer\mountpoints2\{bb784f20-1922-11de-aa57-00192129faf6}­\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\­explorer\mountpoints2\{f0cfe4fc-0ebb-11dd-a8eb-00192129faf6}­\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\rza\LOCALS~1\Temp\~DFF211.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_688.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03312009_121442

Files moved on Reboot...
c:\windows\system32\bycool moved successfully.
C:\DOCUME~1\rza\LOCALS~1\Temp\~DFF211.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_688.dat not found!



@+++

Re,


Logfile of random's system information tool 1.05 (written by random/random)
Run by rza at 2009-03-31 12:35:21
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 14 GB (47%) free of 30 GB
Total RAM: 959 MB (71% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CFB25594-4D5F-11D6-AB7B-00B0D094B576} - Systran40premi.IEPlugIn - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll [2002-04-12 65536]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2006-07-10 176128]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2001-04-30 10752]
"Athan"=C:\Program Files\Athan\Athan.exe [2005-09-12 937984]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"E07FDXRC_1355250"=C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE [2006-06-13 351000]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

C:\Documents and Settings\rza\Menu Démarrer\Programmes\Démarrage
SunClock5.lnk - C:\Documents and Settings\rza\Application Data\Map Maker\MMManager.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
"C:\Documents and Settings\mamoud\Local Settings\Application Data\Skype\Phone\Skype.exe"="C:\Documents and Settings\mamoud\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Disabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2009-03-31 12:35:21 ----D---- C:\rsit
2009-03-31 12:14:42 ----SHD---- C:\RECYCLER
2009-03-31 12:14:42 ----D---- C:\_OTMoveIt
2009-03-31 11:36:42 ----A---- C:\ComboFix.txt
2009-03-31 11:29:47 ----D---- C:\ComboFix
2009-03-30 14:29:57 ----D---- C:\moi
2009-03-30 14:29:55 ----D---- C:\Qoobox
2009-03-29 15:07:56 ----D---- C:\WINDOWS\Prefetch
2009-03-29 15:03:41 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-03-29 15:03:34 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-29 15:02:48 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-03-29 14:53:51 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-03-29 14:53:51 ----A---- C:\WINDOWS\system32\irclass.dll
2009-03-29 14:53:27 ----RA---- C:\WINDOWS\SETCE.tmp
2009-03-29 14:53:24 ----RA---- C:\WINDOWS\SETC2.tmp
2009-03-29 14:53:22 ----RA---- C:\WINDOWS\SETBF.tmp
2009-03-29 14:52:47 ----A---- C:\WINDOWS\setuplog.txt
2009-03-28 08:59:32 ----D---- C:\Program Files\Folder Lock
2009-03-28 08:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-28 08:57:46 ----D---- C:\Program Files\Google
2009-03-24 16:16:05 ----A---- C:\WINDOWS\Athan Setup Log.txt
2009-03-23 16:09:32 ----A---- C:\WINDOWS\system32\Riched.dll
2009-03-23 16:09:31 ----A---- C:\WINDOWS\system32\vbar2232.dll
2009-03-23 16:09:31 ----A---- C:\WINDOWS\system32\Vb5stkit.dll
2009-03-23 16:09:31 ----A---- C:\WINDOWS\system32\Vb5db.dll
2009-03-23 16:08:46 ----D---- C:\WINDOWS\lhsp
2009-03-23 16:08:12 ----D---- C:\WINDOWS\SPEECH
2009-03-23 16:06:57 ----D---- C:\Program Files\ANHAR EL ARAB
2009-03-16 10:55:55 ----D---- C:\autorun.inf
2009-03-14 10:00:57 ----A---- C:\WINDOWS\zip.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\VFIND.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\SWSC.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\SWREG.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\sed.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\grep.exe
2009-03-14 10:00:57 ----A---- C:\WINDOWS\fdsv.exe
2009-03-14 10:00:55 ----D---- C:\WINDOWS\ERDNT
2009-03-11 12:00:46 ----D---- C:\Program Files\trend micro
2009-03-10 09:50:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-10 09:50:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-10 09:50:26 ----A---- C:\WINDOWS\system32\java.exe
2009-03-10 09:50:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-10 09:50:07 ----D---- C:\Program Files\Java
2009-03-10 09:49:54 ----D---- C:\Documents and Settings\rza\Application Data\Sun
2009-03-07 11:23:36 ----D---- C:\Documents and Settings\rza\Application Data\Thinstall
2009-03-07 11:22:00 ----D---- C:\WINDOWS\SxsCaPendDel
2009-03-07 09:31:13 ----D---- C:\dalel v1
2009-02-17 11:54:25 ----D---- C:\WINDOWS\ERUNT
2009-02-17 11:54:24 ----D---- C:\Backups
2009-02-16 09:40:16 ----D---- C:\Documents and Settings\rza\Application Data\Malwarebytes
2009-02-16 09:34:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-16 09:34:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

======List of files/folders modified in the last 2 months======

2009-03-31 12:17:04 ----D---- C:\WINDOWS\system32
2009-03-31 12:15:53 ----D---- C:\WINDOWS\Temp
2009-03-31 12:15:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-31 11:36:43 ----D---- C:\WINDOWS\system32\drivers
2009-03-31 11:36:42 ----D---- C:\WINDOWS
2009-03-31 11:35:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-31 11:35:36 ----A---- C:\WINDOWS\system.ini
2009-03-31 11:31:10 ----D---- C:\WINDOWS\AppPatch
2009-03-31 11:31:08 ----D---- C:\Program Files\Fichiers communs
2009-03-29 16:51:30 ----D---- C:\WINDOWS\system
2009-03-29 16:51:29 ----D---- C:\WINDOWS\system32\Setup
2009-03-29 16:51:28 ----D---- C:\WINDOWS\Help
2009-03-29 16:51:22 ----D---- C:\WINDOWS\system32\usmt
2009-03-29 16:51:13 ----D---- C:\WINDOWS\ime
2009-03-29 16:51:13 ----D---- C:\WINDOWS\ehome
2009-03-29 16:51:12 ----RSD---- C:\WINDOWS\Fonts
2009-03-29 16:51:11 ----D---- C:\WINDOWS\Media
2009-03-29 16:51:01 ----D---- C:\WINDOWS\PeerNet
2009-03-29 16:50:49 ----D---- C:\WINDOWS\system32\npp
2009-03-29 16:50:43 ----D---- C:\WINDOWS\msagent
2009-03-29 16:49:03 ----D---- C:\WINDOWS\system32\1036
2009-03-29 16:48:57 ----D---- C:\WINDOWS\twain_32
2009-03-29 16:48:45 ----D---- C:\WINDOWS\system32\icsxml
2009-03-29 16:48:16 ----D---- C:\WINDOWS\system32\1033
2009-03-29 16:47:27 ----D---- C:\WINDOWS\Driver Cache
2009-03-29 15:39:06 ----D---- C:\WINDOWS\security
2009-03-29 15:09:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-29 15:09:33 ----D---- C:\WINDOWS\Registration
2009-03-29 15:08:56 ----HD---- C:\WINDOWS\inf
2009-03-29 15:08:01 ----SHD---- C:\System Volume Information
2009-03-29 15:08:01 ----D---- C:\WINDOWS\system32\Restore
2009-03-29 15:07:30 ----D---- C:\WINDOWS\system32\config
2009-03-29 15:06:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-29 15:03:30 ----A---- C:\WINDOWS\ODBCINST.INI
2009-03-29 15:03:11 ----D---- C:\WINDOWS\system32\ias
2009-03-29 15:02:50 ----RD---- C:\WINDOWS\Web
2009-03-29 15:02:50 ----RD---- C:\Program Files
2009-03-29 15:02:43 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-03-29 15:02:35 ----A---- C:\WINDOWS\win.ini
2009-03-29 15:02:32 ----D---- C:\WINDOWS\system32\oobe
2009-03-29 15:01:57 ----D---- C:\WINDOWS\system32\Com
2009-03-29 15:01:36 ----D---- C:\WINDOWS\system32\wbem
2009-03-29 15:00:58 ----SH---- C:\boot.ini
2009-03-29 14:53:41 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-03-29 14:53:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-28 08:59:05 ----SHD---- C:\WINDOWS\Installer
2009-03-28 08:59:05 ----SD---- C:\WINDOWS\Tasks
2009-03-24 16:15:45 ----A---- C:\WINDOWS\system32\ScrUnZip.dll
2009-03-23 16:08:50 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-03-23 10:20:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-18 14:56:50 ----A---- C:\WINDOWS\winamp.ini
2009-03-17 11:48:30 ----SHD---- C:\Config.Msi
2009-03-16 15:21:44 ----D---- C:\WINDOWS\system32\NtmsData
2009-03-10 09:51:42 ----D---- C:\Program Files\Yahoo!
2009-03-07 11:22:30 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-03-07 11:22:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-07 11:22:09 ----D---- C:\Program Files\Adobe
2009-03-03 10:31:37 ----D---- C:\WINDOWS\UfdApp
2009-02-28 10:17:00 ----D---- C:\Program Files\CCleaner
2009-02-16 13:31:47 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-08-02 264192]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2002-09-07 9600]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-10 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-03-31 12:35:23

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Allah Remembrance Screen Saver-->C:\WINDOWS\system32\RemoveScr.exe Allah Remembrance
ALMOGHNY-->C:\PROGRA~1\ANHARE~1\UNWISE.EXE C:\PROGRA~1\ANHARE~1\INSTALL.LOG
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AutoSketch-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Autodesk\AutoSketch\DeIsL1.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Guide de référence LQ590 LQ2090-->C:\Program Files\EPSON\TPMANUAL\LQ590 LQ2090\REF_G\DOCUNINS.EXE
HijackThis 2.0.2-->"I:\MAMOUD (H)\monjack\HijackThis.exe" /uninstall
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Encarta 2007 - Collection-->MsiExec.exe /I{07180000-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSm22.inf, Uninstall
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{CC1DB186-550F-3CFE-A2A9-EBA5E5A34BC1}
Mjuice Components-->"C:\Program Files\MJuice Media Player\MJUninst.exe"
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recuva (remove only)-->"E:\Program Files\Recuva\uninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Systran Professional Premium 4.0-->C:\WINDOWS\unvise32.exe C:\Program Files\Systran\4_0\Premium\uninstal.log
Telecatalog 2005-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C0FFFE-BD5A-4368-8C08-44041D6E83B6}\setup.exe" Add_Remove prog
Total Video Converter 3.02-->"C:\Program Files\Total Video Converter\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0326-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)

System event log

Computer Name: RI-8FE4E3DEDF50
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 930
Source Name: Service Control Manager
Time Written: 20090114092455.000000+060
Event Type: Informations
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 929
Source Name: Service Control Manager
Time Written: 20090114092455.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: RI-8FE4E3DEDF50
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 928
Source Name: Service Control Manager
Time Written: 20090114092455.000000+060
Event Type: Informations
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.

Record Number: 927
Source Name: Service Control Manager
Time Written: 20090114092451.000000+060
Event Type: Informations
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 926
Source Name: Service Control Manager
Time Written: 20090114092451.000000+060
Event Type: Informations
User:

Application event log

Computer Name: RI-8FE4E3DEDF50
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1768
Source Name: SecurityCenter
Time Written: 20080805095016.000000+120
Event Type: Informations
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 102
Message: wuaueng.dll (3472) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 1767
Source Name: ESENT
Time Written: 20080805094933.000000+120
Event Type: Informations
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 100
Message: wuauclt (3472) Le moteur de base de données 5.01.2600.2180 est démarré.

Record Number: 1766
Source Name: ESENT
Time Written: 20080805094933.000000+120
Event Type: Informations
User:

Computer Name: RI-8FE4E3DEDF50
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur RI-8FE4E3DEDF50\rza alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 1765
Source Name: Userenv
Time Written: 20080805094932.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: RI-8FE4E3DEDF50
Event Code: 101
Message: wuauclt (2864) Le moteur de base de données est arrêté.

Record Number: 1764
Source Name: ESENT
Time Written: 20080805084428.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


@+++

Salut , gen-hacman , fred



voilà le rapport rsit



========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\SETCE.tmp moved successfully.
C:\WINDOWS\SETC2.tmp moved successfully.
C:\WINDOWS\SETBF.tmp moved successfully.
Folder move failed. C:\autorun.inf scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­­n\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\rza\LOCALS~1\Temp\~DF1D52.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03312009_142245

Files moved on Reboot...
Folder move failed. C:\autorun.inf scheduled to be moved on reboot.
C:\DOCUME~1\rza\LOCALS~1\Temp\~DF1D52.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_648.dat not found!


ps:je crois que j'aioublié de copier le 2eme rapport dans ma clé usb ,

pour la clé usb infecté , c'est regler , apres avoir scaner avec combofix et ma clé branché , le virus a été supprimé ,


@+++

Re,



je ne sais pas , je doit verifier ça demain ,


@+++

Re,


wé , je l'ai fait ,il a rien detecter


@+++

Re


ché pas à koi sert ce dossier à ton avis ,

@+++

Re..


je vérifierai tout ça demain , merci gen-hackman


bonne soirée ,


@+++

Bonjour ,




voillà ce que j'ai trouvé dans le dossier <gras>c:/autorun.inf lpt.This folder was created by Flash_Desinfector


est ce que je le supprime ??


@+++

Re


d'acc , alors c'est bon

merci gen-hackman pour ton aide , mais il reste toujours l'autre pc dont impossible d'installer un antivirus

@+++