Bon j'ai fait se que tu ma dit:
le log de move_it:
Error: Unable to interpret <files> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32nvideo.dll> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CHANT4~1.CHA\LOCALS~1\Temp\etilqs_d8cuJ1ORO34abEPOmgvV scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CHANT4~1.CHA\LOCALS~1\Temp\Perflib_Perfdata_41c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CHANT4~1.CHA\LOCALS~1\Temp\~DFAB0D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_163250
Files moved on Reboot...
File C:\DOCUME~1\CHANT4~1.CHA\LOCALS~1\Temp\etilqs_d8cuJ1ORO34abEPOmgvV not found!
File C:\DOCUME~1\CHANT4~1.CHA\LOCALS~1\Temp\Perflib_Perfdata_41c.dat not found!
C:\DOCUME~1\CHANT4~1.CHA\LOCALS~1\Temp\~DFAB0D.tmp moved successfully.
C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\chant49.CHANTAL\Local Settings\Application Data\Mozilla\Firefox\Profiles\u66f3fg9.default\XUL.mfl moved successfully.
le log de malware:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1423
Windows 5.1.2600 Service Pack 3
2008-11-25 19:00:22
mbam-log-2008-11-25 (19-00-15).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 186873
Temps écoulé: 1 hour(s), 23 minute(s), 40 second(s)
Processus
mémoire infecté(s): 0
Module(s)
mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus
mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s)
mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\nvideo.nvideosupport (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\nvideo.nvideosupport.1 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15c3f151-cc22-4146-8f73-05d0cd987982} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{f8fb8ac9-3fcf-41b4-aad5-5f1050cd1679} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{41ec1928-7982-4e1f-b181-8e43b5e0c3f2} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1813785d-9cfb-45a0-9cbc-3e84f7a8471f} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1813785d-9cfb-45a0-9cbc-3e84f7a8471f} (Trojan.BHO) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (
http://www.iesearch.com/) Good: (
http://www.google.com/) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\chant49.CHANTAL\Bureau\backups\backup-20081125-163034-523.dll (Trojan.BHO) -> No action taken.
C:\My Games\Ranch Rush\ijl15.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{DAF1054A-9D85-4E93-AA01-E409DC8F9D97}\RP212\A0020884.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32GSearchTB.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\alert.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> No action taken.
le log de HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:57, on 2008-11-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\chant49.CHANTAL\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.sophiequenneville.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: (no name) - {f592709f-ff4a-4862-b659-4afabda56312} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cabO16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -
http://support.asus.com/common/asusTek_sys_ctrl.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) -
http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cabO16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216754112250O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) -
http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) -
http://zone.msn.com/binframework/v10/StProxy.cab55579.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 7220 bytes
merci
chantal