Trojan horse quoi faire

maria -  
 maria76 -
Bonjour,
infecter par un trojan horse dans le fichier c/program~1/textow:1/tbu05949/sfr~ to1dll mon anti virus n'arrive pas a l'enlever je n'y connai rien comment m'en debarrasser
merci
Configuration: Windows XP
Internet Explorer 6.0

10 réponses

  1. adelgdaim
     
    re
    desinstalle norton et installe antivr--> https://com.com
    voice le tutorial-----> https://www.malekal.com/avira-free-security-antivirus-gratuit/
    - Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
    - Assure toi qu'Antivir est bien à jour, vérifie la date d'update.

    -- Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

    - Ouvre Antivir par le menu Démarrer / Programmes
    - Cliquez sur l'onglet Scanner.
    - Sélectionne Manual Selection
    - Sélectionne le disque C
    - Lance le scan - Mets en quarantaine tous les éléments détectés.
    - Une fois le scan terminé Enregistre le rapport.

    Redémarre en mode normal.

    Poste le rapport ici.
    à plus.
    1
  2. adelgdaim
     
    salut
    t'as quoi comme anti virus ?
    à plus
    0
  3. maria
     
    norton et j'ai aussi essayer avc pc tool spyware doctor
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. maria76 Messages postés 2 Statut Membre
     
    voivi le scan du pc

    Réglages Scan:

    Objets: Mémoire, Traces, Cookies, C:\
    Scan archives: Marche
    Heuristiques: Marche
    Scan ADS: Marche

    Début du scan: 04/02/2008 19:09:07

    C:\Documents and Settings\Administrateur\Cookies\administrateur@adserver.aol[1].txt Détecter: Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@commentcamarche[2].txt Détecter: Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@incredimail[1].txt Détecter: Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@linkup-coaching[1].txt Détecter: Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaservices.myspace[1].txt Détecter: Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@tripod[1].txt Détecter: Trace.TrackingCookie
    C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt Détecter: Trace.TrackingCookie
    C:\Program Files\TextoWeb_F6\sfr_toolbar_f6.dll Détecter: Adware.SideSearch.g
    C:\Program Files\TextoWeb_F6\tbu05949\sfr_toolbar_f6.dll Détecter: Adware.SideSearch.g

    Scanné

    Fichiers: 148790
    Traces: 367309
    Cookies: 310
    Processus: 59

    Trouver

    Fichiers: 2
    Traces: 0
    Cookies: 7
    Processus: 0
    Clés de Registre: 0

    Fin du Scan: 04/02/2008 20:38:08
    0
  6. adelgdaim
     
    Fichiers: 148790
    Traces: 367309
    Cookies: 310
    Processus: 59

    Trouver

    Fichiers: 2
    Traces: 0
    Cookies: 7
    Processus: 0
    Clés de Registre: 0


    je croix que l'antivirus a fait son travai
    telecharge hijacthis ici ------> http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
    tu l'installe sur le disque C:\ directement la dessus
    fais un scan puis poste le log sur ta prochaine reponse pour etre sur
    a+
    0
  7. maria76 Messages postés 2 Statut Membre
     
    nouvo scan effectuer voila ce que ca donne
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:58:27, on 04/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\WINDOWS\system32\dllcache\winmga.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\a-squared Anti-Malware\a2scan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - Software - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: XBTB05715 Class - {BFEDE0E4-93B8-4e48-918B-0026C10AA7E4} - C:\PROGRA~1\TEXTOW~1\tbu05949\SFR_TO~1.DLL
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: TextoWeb_F6 - {B574D419-5BDA-454F-B2E5-49C74EEAAF6D} - C:\Program Files\TextoWeb_F6\tbu05949\sfr_toolbar_f6.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Acronis Schedule] C:\Program Files\Fichiers communs\Acronis\Schedule\schedule.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - http://storage.canalblog.com/70/20/87333/9364467_p.jpg
    0
  8. adelgdaim
     
    MARIE ou marie76

    Désolé mais y a un probleme.
    et je ne peux pas suivre avec vous.
    ceci ressemble à un rapport antivir alors que sur votre log HJTHS antivir n'existe pas

    AntiVir PersonalEdition Classic
    Report file date: lundi 4 février 2008 20:21

    Scanning for 1092160 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: HABIB

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:16:41
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:16:44
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 19:16:44
    ANTIVIR3.VDF : 7.0.2.90 296448 Bytes 4/02/2008 19:16:44
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 4/02/2008 19:16:55
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 4/02/2008 19:16:56
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 4 février 2008 20:21

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'InCD.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    22 processes with 22 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '23' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmallM1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '481666c4.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '481066cb.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumElitebarPokapoka1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '481066d0.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumElitebarPokapoka4.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '481066d3.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '481366e0.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsAdToolsSolutions2.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '481566da.qua'!
    C:\Program Files\nero551042\keygenerator.exe
    [DETECTION] Is the Trojan horse TR/PSW.Delf.ZJ
    [INFO] The file was moved to '482068b5.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064688.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.QD
    [INFO] The file was moved to '47d7690a.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064689.exe
    [DETECTION] Contains detection pattern of the dropper DR/180Solutions
    [INFO] The file was moved to '47d7690b.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064691.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.IS
    [INFO] The file was moved to '47d7690c.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064692.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
    [INFO] The file was moved to '46bf6ed5.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064693.exe
    [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
    [INFO] The file was moved to '47d7690e.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064694.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
    [INFO] The file was moved to '47d7690d.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064695.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
    [INFO] The file was moved to '46bf6ed6.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064696.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
    [INFO] The file was moved to '46bf6ed7.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064697.exe
    [DETECTION] Contains detection pattern of the worm WORM/Korgo.R
    [INFO] The file was moved to '47d76900.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064698.exe
    [DETECTION] Contains detection pattern of the worm WORM/Korgo.R
    [INFO] The file was moved to '47d7690f.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064699.exe
    [DETECTION] Is the Trojan horse TR/Proxy.Bobax.C
    [INFO] The file was moved to '46bf6ec8.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064700.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '47d76910.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064701.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '46bf6ec9.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064702.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.5
    [INFO] The file was moved to '47d76912.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064703.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '47d76911.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064704.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '46bf6eca.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064705.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '47d76913.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064706.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.5
    [INFO] The file was moved to '46bf6ecb.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064707.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '47d76914.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064708.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.5
    [INFO] The file was moved to '46bf6ecd.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064709.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '46bf6ecc.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064710.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '47d76915.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064711.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '46bf6ece.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064712.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.5
    [INFO] The file was moved to '47d76916.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064713.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '46bf6ecf.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064714.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '47d76908.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064715.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '47d76917.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064716.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK
    [INFO] The file was moved to '46bf6ec0.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064717.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.BU
    [INFO] The file was moved to '47d76919.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064718.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.AAM
    [INFO] The file was moved to '46bf6ed1.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064719.exe
    [DETECTION] Contains detection pattern of the worm WORM/AgoBot.69120
    [INFO] The file was moved to '46bf6ed3.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064720.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.JT
    [INFO] The file was moved to '46bf6ec2.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064721.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.92672
    [INFO] The file was moved to '47d7691b.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064722.exe
    [DETECTION] Contains detection pattern of the worm WORM/Plexus.A
    [INFO] The file was moved to '47d76918.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064723.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.153088
    [INFO] The file was moved to '46bf6ec1.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064724.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.BE
    [INFO] The file was moved to '46bf6ec4.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064725.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '47d7691d.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064726.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '46bf6ec6.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064727.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '47d7691a.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064728.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '46bf6ec3.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064729.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '47d7691f.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064730.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '46bf6ef8.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064731.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.148656
    [INFO] The file was moved to '47d76921.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064732.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '47d7691c.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064733.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '46bf6ec5.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064734.exe
    [DETECTION] Is the Trojan horse TR/StartPage.NK.3
    [INFO] The file was moved to '46bf6efa.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064735.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.JV
    [INFO] The file was moved to '47d76923.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064736.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
    [INFO] The file was moved to '46bf6efc.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064737.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Webdor.P Backdoor server programs
    [INFO] The file was moved to '47d7691e.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064738.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.QD
    [INFO] The file was moved to '46bf6ec7.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064739.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.QD
    [INFO] The file was moved to '47d76925.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065638.dll
    [DETECTION] Is the Trojan horse TR/EliteBar.H.2
    [INFO] The file was moved to '46bf6efe.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065646.exe
    [DETECTION] Is the Trojan horse TR/EliteBar.H.1
    [INFO] The file was moved to '47d76920.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065755.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d7692b.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065756.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6ef4.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065769.dll
    [DETECTION] Is the Trojan horse TR/EliteBar.H.2
    [INFO] The file was moved to '47d7692d.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065774.exe
    [DETECTION] Is the Trojan horse TR/EliteBar.H.1
    [INFO] The file was moved to '46bf6ef6.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065775.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.GD.1
    [INFO] The file was moved to '47d7692f.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065875.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/79728.A
    [INFO] The file was moved to '47d7693f.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065876.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/56696.A
    [INFO] The file was moved to '47d76940.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065877.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
    [INFO] The file was moved to '46bf6e99.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065879.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
    [INFO] The file was moved to '47d76941.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065881.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/78520.A
    [INFO] The file was moved to '47d76942.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065882.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76943.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065883.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6e9c.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065884.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76944.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065885.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6e9d.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065886.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76946.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065887.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76945.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065888.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6e9e.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065889.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6e9f.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065890.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76978.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065891.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6ea1.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065892.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76947.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065893.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6e90.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065894.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76949.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065895.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '47d76948.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065896.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/000228
    [INFO] The file was moved to '46bf6e91.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065897.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
    [INFO] The file was moved to '46bf6e92.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP135\A0070166.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.105472.4
    [INFO] The file was moved to '47d76a3c.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP135\A0070167.exe
    [DETECTION] Contains detection pattern of the worm WORM/Rbot.210944
    [INFO] The file was moved to '47d76a3d.qua'!
    C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP142\A0070773.exe
    [DETECTION] Is the Trojan horse TR/PSW.Delf.ZJ
    [INFO] The file was moved to '47d76a72.qua'!
    C:\temp\SearchRelevancy.exe
    [DETECTION] Contains detection pattern of the dropper DR/Relevance.A
    [INFO] The file was moved to '48086aaa.qua'!
    Begin scan in 'D:\' <SYSTEM_SAV>

    End of the scan: lundi 4 février 2008 21:26
    Used time: 1:05:32 min

    The scan has been done completely.

    2171 Scanning directories
    147698 Files were scanned
    84 viruses and/or unwanted programs were found
    6 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    90 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    147614 Files not concerned
    6502 Archives were scanned
    2 Warnings
    0 Notes

    au revoir bey
    0
    1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
       
      Salut

      d'où vient ce log ? de ton ordi ?

      post 2

      erreur 2
      0
      1. adelgdaim > Lyonnais92 Messages postés 25708 Statut Contributeur sécurité
         
        lol
        la on dirait que t'as rien lu de cette discussion
        0
  9. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    0
  10. maria76
     
    slt !! dsl mais je n'ai pas pu repondre plus tot /

    alor apres le avoir lancer le processus de nettoyage en cliquant sur runthis.cmd j'ai plusieur dossier :
    apps
    backupreg
    backups
    attrib
    find
    findstr
    regedit
    testned0
    testnotif
    testnotif1
    testnotif3
    mais pas de dossier report.terxt.
    kan a hijackthis il plante avant que j'ai pu enregistrer le log
    0