serpent

  1. Hello! Is the analysis good? Is it finished?
  2. Good evening!!!! There, all the steps have been followed; here are the reports:

     Toolscleaner report:

     -->- Recherche:
     C:\_OtMoveIt: trouvé !
     C:\Documents and Settings\ADE\Bureau\OtMoveIt.exe: trouvé !
     C:\Documents and Settings\ADE\Bureau\SmitFraudFix.exe: trouvé !
     C:\Documents and Settings\ADE\Bureau\SmitFraudfix: trouvé !
     C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
     C:\Documents and Settings\FLO\Bureau\Navilog1.exe: trouvé !
     C:\Program Files\Navilog1: trouvé !
     C:\Program Files\Navilog1\Navilog1.bat: trouvé !
     ---------------------------------
     -->- Suppression:
     C:\Documents and Settings\ADE\Bureau\OtMoveIt.exe: supprimé !
     C:\Documents and Settings\ADE\Bureau\SmitFraudFix.exe: supprimé !
     C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
     C:\Documents and Settings\FLO\Bureau\Navilog1.exe: supprimé !
     C:\Program Files\Navilog1\Navilog1.bat: supprimé !
     C:\_OtMoveIt: supprimé !
     C:\Documents and Settings\ADE\Bureau\SmitFraudfix: supprimé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
     C:\Program Files\Navilog1: supprimé !

     AntiVir report:

     Report file date: dimanche 2 décembre 2007 23:02
     Jobname: 'Manual Selection'
     Scanning for 284303 virus strains and unwanted programs.
     Licensed to: AntiVir PersonalEdition Classic
     Serialnumber: 0000149996-WURGE-0001
     Platform: Windows XP
     Windowsversion: (Service Pack 2) [5.1.2600]
     Username: ADE
     Computername: XPSP2-C0E0D18D8

     Versioninformations:
     AVSCAN.EXE : 7.0.0.19 385064 23/01/2006 15:35:36
     AVSCAN.DLL : 7.0.0.19 42536 23/01/2006 15:35:34
     LUKE.DLL : 7.0.0.19 110632 23/01/2006 15:35:36
     LUKERES.DLL : 7.0.0.19 27688 23/01/2006 15:35:36
     ANTIVIR0.VDF : 6.32.0.60 4323840 06/12/2005 10:47:34
     ANTIVIR1.VDF : 6.33.0.97 675328 18/01/2006 14:31:52
     ANTIVIR2.VDF : 6.33.0.131 122880 18/01/2006 14:31:52
     ANTIVIR3.VDF : 6.33.0.139 28160 18/01/2006 14:31:52
     AVEWIN32.DLL : 6.33.0.30 1016320 20/01/2006 11:42:50
     AVPREF.DLL : 6.34.0.0 33320 18/01/2006 12:05:46
     AVREP.DLL : 6.33.0.100 1617960 06/01/2006 17:08:28
     AVPACK32.DLL : 6.33.0.6 331816 09/01/2006 09:03:38
     AVREG.DLL : 6.31.0.90 25128 28/07/2005 10:06:12
     NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:46
     NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:46

     Start of the scan: dimanche 2 décembre 2007 23:02

     Start scanning boot sectors:
     Boot sector 'C:'
       [NOTE] No virus was found!

     Starting to scan the registry.
     The registry was scanned ( 18 files ).

     Starting the file scan:
     C:\pagefile.sys
       [WARNING] The file could not be opened!
     C:\44ba207c658417d5c5f79c6cff\mrt.exe._p
       [WARNING] The file could not be opened!
     C:\44ba207c658417d5c5f79c6cff\mrtstub.exe
       [WARNING] The file could not be opened!
     C:\Documents and Settings\ADE\NTUSER.DAT
       [WARNING] The file could not be opened!
     C:\Documents and Settings\ADE\ntuser.dat.LOG
       [WARNING] The file could not be opened!
     C:\Documents and Settings\ADE\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.dble
       [WARNING] The file could not be opened!
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
       [WARNING] The file could not be opened!
     C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\Thumbs.dble
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\default
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\default.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SAM
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SAM.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SECURITY
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\SECURITY.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\software
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\software.LOG
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\system
       [WARNING] The file could not be opened!
     C:\WINDOWS\system32\config\system.LOG
       [WARNING] The file could not be opened!

     End of the scan: dimanche 2 décembre 2007 23:43
     Used time: 40:51 min

     The scan has been done completely.

     2061 Scanning directories
     76236 Files were scanned
     0 viruses and/or unwanted programs was found
     0 files were deleted
     0 files were repaired
     0 files were moved to quarantine
     0 files were renamed
     768 Archives were scanned
     130 Warnings
     0 Notes

     Good night ...
  3. Good evening, here is the cleannavi report:

     Clean Navipromo version 3.3.6 commencé le 26/11/2007 à 19:34:12,62
     Outil exécuté depuis C:\Program Files\navilog1
     Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO
     Microsoft Windows XP [version 5.1.2600]
     Internet Explorer : 7.0.5730.11
     Mode suppression automatique

     *** Creation backups fichiers trouvés par Catchme ***
     Copie vers "C:\Program Files\navilog1\Backupnavi"
     Copie C:\WINDOWS\system32\fvoacay.dat réalisé avec succès !
     Copie C:\WINDOWS\system32\fvoacay.exe réalisé avec succès !
     Copie C:\WINDOWS\system32\fvoacay_nav.dat réalisé avec succès !
     Copie C:\WINDOWS\system32\fvoacay_navps.dat réalisé avec succès !

     *** Suppression des fichiers trouvés avec Catchme ***
     C:\WINDOWS\system32\fvoacay.dat supprimé !
     C:\WINDOWS\system32\fvoacay.exe supprimé !
     C:\WINDOWS\system32\fvoacay_nav.dat supprimé !
     C:\WINDOWS\system32\fvoacay_navps.dat supprimé !

     ** 2ème passage avec résultats Catchme **
     C:\WINDOWS\prefetch\fvoacay*.pf trouvé !
     Copie C:\WINDOWS\prefetch\fvoacay*.pf réalisé avec succès !
     C:\WINDOWS\prefetch\fvoacay*.pf supprimé !

     *** Suppression avec sauvegardes résultats GenericNaviSearch ***
     * Suppression dans C:\WINDOWS\System32 *
     * Suppression dans C:\DOCUME~1\ADE\LOCALS~1\APPLIC~1 *

     *** Suppression dossiers dans C:\WINDOWS ***

     *** Suppression dossiers dans C:\Program Files ***
     C:\Program Files\MessengerSkinner ...suppression...
     C:\Program Files\MessengerSkinner supprimé !

     *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

     *** Suppression dossiers dans C:\Documents and Settings\ADE\Application Data ***
     ...\Application Data\MessengerSkinner ...suppression...
     ...\Application Data\MessengerSkinner supprimé !

     *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

     *** Suppression fichiers ***
     C:\WINDOWS\pack.epk supprimé !
     C:\WINDOWS\system32\nvs2.inf supprimé !
     C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf supprimé !

     *** Suppression fichiers temporaires ***
     Nettoyage contenu C:\WINDOWS\Temp effectué !
     Nettoyage contenu C:\Documents and Settings\ADE\Local Settings\Temp effectué !

     *** Traitement Recherche complémentaire ***
     (Recherche fichiers spécifiques)
     1)Recherche fichiers connus:
     2)Recherche, création sauvegardes et suppression Heuristique :
     C:\WINDOWS\System32\iqpwuah.dat trouvé !
     Copie C:\WINDOWS\system32\iqpwuah.dat réalisé avec succès !
     C:\WINDOWS\system32\iqpwuah.dat supprimé !
     C:\WINDOWS\System32\iqpwuah_nav.dat trouvé !
     Copie C:\WINDOWS\system32\iqpwuah_nav.dat réalisé avec succès !
     C:\WINDOWS\system32\iqpwuah_nav.dat supprimé !
     C:\WINDOWS\System32\iqpwuah_navps.dat trouvé !
     Copie C:\WINDOWS\system32\iqpwuah_navps.dat réalisé avec succès !
     C:\WINDOWS\system32\iqpwuah_navps.dat supprimé !
     C:\WINDOWS\system32\aluahwk.exe trouvé !
     Copie C:\WINDOWS\system32\aluahwk.exe réalisé avec succès !
     C:\WINDOWS\system32\aluahwk.exe supprimé !
     C:\WINDOWS\system32\awndozln.exe trouvé !
     Copie C:\WINDOWS\system32\awndozln.exe réalisé avec succès !
     C:\WINDOWS\system32\awndozln.exe supprimé !
     C:\WINDOWS\system32\bkehks.exe trouvé !
     Copie C:\WINDOWS\system32\bkehks.exe réalisé avec succès !
     C:\WINDOWS\system32\bkehks.exe supprimé !
     C:\WINDOWS\system32\bptyoyv.exe trouvé !
     Copie C:\WINDOWS\system32\bptyoyv.exe réalisé avec succès !
     C:\WINDOWS\system32\bptyoyv.exe supprimé !
     C:\WINDOWS\system32\dcsvme.exe trouvé !
     Copie C:\WINDOWS\system32\dcsvme.exe réalisé avec succès !
     C:\WINDOWS\system32\dcsvme.exe supprimé !
     C:\WINDOWS\system32\iecsmp.exe trouvé !
     Copie C:\WINDOWS\system32\iecsmp.exe réalisé avec succès !
     C:\WINDOWS\system32\iecsmp.exe supprimé !
     C:\WINDOWS\system32\khyxhsghcj.exe trouvé !
     Copie C:\WINDOWS\system32\khyxhsghcj.exe réalisé avec succès !
     C:\WINDOWS\system32\khyxhsghcj.exe supprimé !
     C:\WINDOWS\system32\licdcrxxn.exe trouvé !
     Copie C:\WINDOWS\system32\licdcrxxn.exe réalisé avec succès !
     C:\WINDOWS\system32\licdcrxxn.exe supprimé !
     C:\WINDOWS\system32\ttzbzubp.exe trouvé !
     Copie C:\WINDOWS\system32\ttzbzubp.exe réalisé avec succès !
     C:\WINDOWS\system32\ttzbzubp.exe supprimé !
     C:\WINDOWS\system32\vvmqdlcz.exe trouvé !
     Copie C:\WINDOWS\system32\vvmqdlcz.exe réalisé avec succès !
     C:\WINDOWS\system32\vvmqdlcz.exe supprimé !
     C:\WINDOWS\system32\iqpwuah.exe trouvé !
     Copie C:\WINDOWS\system32\iqpwuah.exe réalisé avec succès !
     C:\WINDOWS\system32\iqpwuah.exe supprimé !

     *** Sauvegarde du Registre vers dossier Backupnavi ***
     sauvegarde du Registre réalisé avec succès !

     *** Nettoyage Registre ***
     Nettoyage Registre Ok

     *** Certificats ***
     Certificat Egroup supprimé !

     *** Nettoyage terminé le 26/11/2007 à 19:41:33,40 ***

     THANK YOU
  4. Hi! I must have had an obsolete version, but it's working better now. Here is the SmitFraudFix report:

     SmitFraudFix v2.253
     Rapport fait à 19:10:35,87, 20/11/2007
     Executé à partir de C:\Documents and Settings\ADE\Bureau\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Le type du système de fichiers est NTFS
     Fix executé en mode normal

     »»»»»»»»»»»»»»»»»»»»»»»» Process
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\windows\system32\fvoacay.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\MessengerSkinner\MessengerSkinner.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
     C:\WINDOWS\system32\cmd.exe

     »»»»»»»»»»»»»»»»»»»»»»»» hosts
     Fichier hosts corrompu !
     127.0.0.1 mpa.one.microsoft.com

     »»»»»»»»»»»»»»»»»»»»»»»» C:\
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ADE
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ADE\Application Data
     »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
     »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADE\Favoris
     »»»»»»»»»»»»»»»»»»»»»»»» Bureau
     »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
     »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

     »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
     "Source"="About:Home"
     "SubscribedURL"="About:Home"
     "FriendlyName"="Ma page d'accueil"

     »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
     "System"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Rustock

     »»»»»»»»»»»»»»»»»»»»»»»» DNS
     Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
     DNS Server Search Order: 212.27.54.252
     DNS Server Search Order: 212.27.53.252
     HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8B71447-3470-4EF5-87D1-DEAAF12ED07A}: NameServer=212.27.54.252,212.27.53.252
     HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8B71447-3470-4EF5-87D1-DEAAF12ED07A}: NameServer=212.27.54.252,212.27.53.252
     HKLM\SYSTEM\CS2\Services\Tcpip\..\{C8B71447-3470-4EF5-87D1-DEAAF12ED07A}: NameServer=212.27.54.252,212.27.53.252

     »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

     »»»»»»»»»»»»»»»»»»»»»»»» Fin

     Well, I hope it's not too serious!!!! See you soon
  5. Good evening!!! Here is the OTMoveIt! report:

     C:\Program Files\MyWebSearch\SrchAstt moved successfully.
     Folder move failed. C:\Program Files\MyWebSearch\bar\History\search2 scheduled to be moved on reboot.
     C:\Program Files\MyWebSearch\bar\History moved successfully.
     Folder cleanup failed. C:\Program Files\MyWebSearch\bar scheduled to be deleted on reboot.
     Folder cleanup failed. C:\Program Files\MyWebSearch scheduled to be deleted on reboot.
     File/Folder not found.
     Created on 11/17/2007 13:26:22

     As for the SmitFraudFix report, it doesn't work: it does open the window and tells me to press a key to continue, and when I do, it closes the window and that's all!!!! Thanks and see you soon
  6. Hello, I have a problem with my PC. Could you please help me, because it is extremely slow? Here is my report:

     Logfile of HijackThis v1.99.1
     Scan saved at 09:57:54, on 17/11/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16544)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
     C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
     C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
     O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
     O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
     O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
     O4 - HKLM\..\Run: [uDC6cw] "C:\Program Files\DriveCleaner Free\UDC6cw.exe" -c
     O4 - HKLM\..\Run: [sDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
     O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
     O4 - HKLM\..\Run: [iqpwuah] c:\windows\system32\iqpwuah.exe iqpwuah
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYFR
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O11 - Options group: [iNTERNATIONAL] International*
     O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B71447-3470-4EF5-87D1-DEAAF12ED07A}: NameServer = 212.27.54.252,212.27.53.252
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

     There!! I hope it's not too serious????