A voir également:
- Trojan horse quoi faire
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Virus trojan al11 ✓ - Forum Virus
10 réponses
re
desinstalle norton et installe antivr--> https://com.com
voice le tutorial-----> https://www.malekal.com/avira-free-security-antivirus-gratuit/
- Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
- Assure toi qu'Antivir est bien à jour, vérifie la date d'update.
-- Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
- Ouvre Antivir par le menu Démarrer / Programmes
- Cliquez sur l'onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan - Mets en quarantaine tous les éléments détectés.
- Une fois le scan terminé Enregistre le rapport.
Redémarre en mode normal.
Poste le rapport ici.
à plus.
desinstalle norton et installe antivr--> https://com.com
voice le tutorial-----> https://www.malekal.com/avira-free-security-antivirus-gratuit/
- Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
- Assure toi qu'Antivir est bien à jour, vérifie la date d'update.
-- Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
- Ouvre Antivir par le menu Démarrer / Programmes
- Cliquez sur l'onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan - Mets en quarantaine tous les éléments détectés.
- Une fois le scan terminé Enregistre le rapport.
Redémarre en mode normal.
Poste le rapport ici.
à plus.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voivi le scan du pc
Réglages Scan:
Objets: Mémoire, Traces, Cookies, C:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche
Début du scan: 04/02/2008 19:09:07
C:\Documents and Settings\Administrateur\Cookies\administrateur@adserver.aol[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@commentcamarche[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@incredimail[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@linkup-coaching[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaservices.myspace[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@tripod[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt Détecter: Trace.TrackingCookie
C:\Program Files\TextoWeb_F6\sfr_toolbar_f6.dll Détecter: Adware.SideSearch.g
C:\Program Files\TextoWeb_F6\tbu05949\sfr_toolbar_f6.dll Détecter: Adware.SideSearch.g
Scanné
Fichiers: 148790
Traces: 367309
Cookies: 310
Processus: 59
Trouver
Fichiers: 2
Traces: 0
Cookies: 7
Processus: 0
Clés de Registre: 0
Fin du Scan: 04/02/2008 20:38:08
Réglages Scan:
Objets: Mémoire, Traces, Cookies, C:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche
Début du scan: 04/02/2008 19:09:07
C:\Documents and Settings\Administrateur\Cookies\administrateur@adserver.aol[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@commentcamarche[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@incredimail[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@linkup-coaching[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaservices.myspace[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@tripod[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt Détecter: Trace.TrackingCookie
C:\Program Files\TextoWeb_F6\sfr_toolbar_f6.dll Détecter: Adware.SideSearch.g
C:\Program Files\TextoWeb_F6\tbu05949\sfr_toolbar_f6.dll Détecter: Adware.SideSearch.g
Scanné
Fichiers: 148790
Traces: 367309
Cookies: 310
Processus: 59
Trouver
Fichiers: 2
Traces: 0
Cookies: 7
Processus: 0
Clés de Registre: 0
Fin du Scan: 04/02/2008 20:38:08
Fichiers: 148790
Traces: 367309
Cookies: 310
Processus: 59
Trouver
Fichiers: 2
Traces: 0
Cookies: 7
Processus: 0
Clés de Registre: 0
je croix que l'antivirus a fait son travai
telecharge hijacthis ici ------> http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
tu l'installe sur le disque C:\ directement la dessus
fais un scan puis poste le log sur ta prochaine reponse pour etre sur
a+
Traces: 367309
Cookies: 310
Processus: 59
Trouver
Fichiers: 2
Traces: 0
Cookies: 7
Processus: 0
Clés de Registre: 0
je croix que l'antivirus a fait son travai
telecharge hijacthis ici ------> http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
tu l'installe sur le disque C:\ directement la dessus
fais un scan puis poste le log sur ta prochaine reponse pour etre sur
a+
nouvo scan effectuer voila ce que ca donne
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:27, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\a-squared Anti-Malware\a2scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: XBTB05715 Class - {BFEDE0E4-93B8-4e48-918B-0026C10AA7E4} - C:\PROGRA~1\TEXTOW~1\tbu05949\SFR_TO~1.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: TextoWeb_F6 - {B574D419-5BDA-454F-B2E5-49C74EEAAF6D} - C:\Program Files\TextoWeb_F6\tbu05949\sfr_toolbar_f6.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Acronis Schedule] C:\Program Files\Fichiers communs\Acronis\Schedule\schedule.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://storage.canalblog.com/70/20/87333/9364467_p.jpg
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:27, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\dllcache\winmga.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\a-squared Anti-Malware\a2scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: XBTB05715 Class - {BFEDE0E4-93B8-4e48-918B-0026C10AA7E4} - C:\PROGRA~1\TEXTOW~1\tbu05949\SFR_TO~1.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: TextoWeb_F6 - {B574D419-5BDA-454F-B2E5-49C74EEAAF6D} - C:\Program Files\TextoWeb_F6\tbu05949\sfr_toolbar_f6.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Acronis Schedule] C:\Program Files\Fichiers communs\Acronis\Schedule\schedule.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://storage.canalblog.com/70/20/87333/9364467_p.jpg
MARIE ou marie76
Désolé mais y a un probleme.
et je ne peux pas suivre avec vous.
ceci ressemble à un rapport antivir alors que sur votre log HJTHS antivir n'existe pas
AntiVir PersonalEdition Classic
Report file date: lundi 4 février 2008 20:21
Scanning for 1092160 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: HABIB
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:16:41
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:16:44
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 19:16:44
ANTIVIR3.VDF : 7.0.2.90 296448 Bytes 4/02/2008 19:16:44
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 4/02/2008 19:16:55
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 4/02/2008 19:16:56
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 4 février 2008 20:21
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '23' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmallM1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481666c4.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481066cb.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumElitebarPokapoka1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481066d0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumElitebarPokapoka4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481066d3.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481366e0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsAdToolsSolutions2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481566da.qua'!
C:\Program Files\nero551042\keygenerator.exe
[DETECTION] Is the Trojan horse TR/PSW.Delf.ZJ
[INFO] The file was moved to '482068b5.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064688.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.QD
[INFO] The file was moved to '47d7690a.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064689.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions
[INFO] The file was moved to '47d7690b.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064691.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.IS
[INFO] The file was moved to '47d7690c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064692.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '46bf6ed5.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064693.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47d7690e.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064694.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '47d7690d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064695.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '46bf6ed6.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064696.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '46bf6ed7.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064697.exe
[DETECTION] Contains detection pattern of the worm WORM/Korgo.R
[INFO] The file was moved to '47d76900.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064698.exe
[DETECTION] Contains detection pattern of the worm WORM/Korgo.R
[INFO] The file was moved to '47d7690f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064699.exe
[DETECTION] Is the Trojan horse TR/Proxy.Bobax.C
[INFO] The file was moved to '46bf6ec8.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064700.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76910.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064701.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ec9.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064702.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '47d76912.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064703.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76911.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064704.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6eca.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064705.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76913.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064706.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '46bf6ecb.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064707.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76914.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064708.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '46bf6ecd.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064709.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ecc.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064710.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76915.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064711.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ece.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064712.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '47d76916.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064713.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ecf.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064714.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76908.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064715.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76917.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064716.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ec0.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064717.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.BU
[INFO] The file was moved to '47d76919.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064718.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.AAM
[INFO] The file was moved to '46bf6ed1.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064719.exe
[DETECTION] Contains detection pattern of the worm WORM/AgoBot.69120
[INFO] The file was moved to '46bf6ed3.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064720.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.JT
[INFO] The file was moved to '46bf6ec2.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064721.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.92672
[INFO] The file was moved to '47d7691b.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064722.exe
[DETECTION] Contains detection pattern of the worm WORM/Plexus.A
[INFO] The file was moved to '47d76918.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064723.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.153088
[INFO] The file was moved to '46bf6ec1.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064724.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.BE
[INFO] The file was moved to '46bf6ec4.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064725.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064726.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ec6.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064727.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691a.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064728.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ec3.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064729.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064730.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ef8.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064731.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.148656
[INFO] The file was moved to '47d76921.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064732.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064733.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ec5.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064734.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6efa.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064735.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.JV
[INFO] The file was moved to '47d76923.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064736.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '46bf6efc.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064737.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Webdor.P Backdoor server programs
[INFO] The file was moved to '47d7691e.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064738.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.QD
[INFO] The file was moved to '46bf6ec7.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064739.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.QD
[INFO] The file was moved to '47d76925.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065638.dll
[DETECTION] Is the Trojan horse TR/EliteBar.H.2
[INFO] The file was moved to '46bf6efe.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065646.exe
[DETECTION] Is the Trojan horse TR/EliteBar.H.1
[INFO] The file was moved to '47d76920.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065755.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d7692b.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065756.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6ef4.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065769.dll
[DETECTION] Is the Trojan horse TR/EliteBar.H.2
[INFO] The file was moved to '47d7692d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065774.exe
[DETECTION] Is the Trojan horse TR/EliteBar.H.1
[INFO] The file was moved to '46bf6ef6.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065775.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.GD.1
[INFO] The file was moved to '47d7692f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065875.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/79728.A
[INFO] The file was moved to '47d7693f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065876.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/56696.A
[INFO] The file was moved to '47d76940.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065877.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '46bf6e99.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065879.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47d76941.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065881.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/78520.A
[INFO] The file was moved to '47d76942.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065882.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76943.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065883.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065884.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76944.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065885.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065886.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76946.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065887.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76945.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065888.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9e.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065889.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065890.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76978.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065891.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6ea1.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065892.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76947.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065893.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e90.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065894.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76949.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065895.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76948.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065896.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/000228
[INFO] The file was moved to '46bf6e91.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065897.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e92.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP135\A0070166.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.105472.4
[INFO] The file was moved to '47d76a3c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP135\A0070167.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.210944
[INFO] The file was moved to '47d76a3d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP142\A0070773.exe
[DETECTION] Is the Trojan horse TR/PSW.Delf.ZJ
[INFO] The file was moved to '47d76a72.qua'!
C:\temp\SearchRelevancy.exe
[DETECTION] Contains detection pattern of the dropper DR/Relevance.A
[INFO] The file was moved to '48086aaa.qua'!
Begin scan in 'D:\' <SYSTEM_SAV>
End of the scan: lundi 4 février 2008 21:26
Used time: 1:05:32 min
The scan has been done completely.
2171 Scanning directories
147698 Files were scanned
84 viruses and/or unwanted programs were found
6 Files were classified as suspicious:
0 files were deleted
0 files were repaired
90 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
147614 Files not concerned
6502 Archives were scanned
2 Warnings
0 Notes
au revoir bey
Désolé mais y a un probleme.
et je ne peux pas suivre avec vous.
ceci ressemble à un rapport antivir alors que sur votre log HJTHS antivir n'existe pas
AntiVir PersonalEdition Classic
Report file date: lundi 4 février 2008 20:21
Scanning for 1092160 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: HABIB
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:16:41
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:16:44
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 19:16:44
ANTIVIR3.VDF : 7.0.2.90 296448 Bytes 4/02/2008 19:16:44
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 4/02/2008 19:16:55
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 4/02/2008 19:16:56
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 4 février 2008 20:21
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '23' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmallM1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481666c4.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481066cb.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumElitebarPokapoka1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481066d0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumElitebarPokapoka4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481066d3.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481366e0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsAdToolsSolutions2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '481566da.qua'!
C:\Program Files\nero551042\keygenerator.exe
[DETECTION] Is the Trojan horse TR/PSW.Delf.ZJ
[INFO] The file was moved to '482068b5.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064688.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.QD
[INFO] The file was moved to '47d7690a.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064689.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions
[INFO] The file was moved to '47d7690b.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064691.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.IS
[INFO] The file was moved to '47d7690c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064692.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '46bf6ed5.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064693.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47d7690e.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064694.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '47d7690d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064695.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '46bf6ed6.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064696.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '46bf6ed7.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064697.exe
[DETECTION] Contains detection pattern of the worm WORM/Korgo.R
[INFO] The file was moved to '47d76900.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064698.exe
[DETECTION] Contains detection pattern of the worm WORM/Korgo.R
[INFO] The file was moved to '47d7690f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064699.exe
[DETECTION] Is the Trojan horse TR/Proxy.Bobax.C
[INFO] The file was moved to '46bf6ec8.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064700.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76910.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064701.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ec9.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064702.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '47d76912.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064703.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76911.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064704.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6eca.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064705.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76913.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064706.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '46bf6ecb.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064707.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76914.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064708.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '46bf6ecd.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064709.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ecc.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064710.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76915.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064711.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ece.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064712.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.5
[INFO] The file was moved to '47d76916.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064713.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ecf.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064714.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76908.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064715.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '47d76917.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064716.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK
[INFO] The file was moved to '46bf6ec0.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064717.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.BU
[INFO] The file was moved to '47d76919.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064718.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.AAM
[INFO] The file was moved to '46bf6ed1.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064719.exe
[DETECTION] Contains detection pattern of the worm WORM/AgoBot.69120
[INFO] The file was moved to '46bf6ed3.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064720.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.JT
[INFO] The file was moved to '46bf6ec2.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064721.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.92672
[INFO] The file was moved to '47d7691b.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064722.exe
[DETECTION] Contains detection pattern of the worm WORM/Plexus.A
[INFO] The file was moved to '47d76918.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064723.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.153088
[INFO] The file was moved to '46bf6ec1.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064724.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.BE
[INFO] The file was moved to '46bf6ec4.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064725.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064726.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ec6.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064727.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691a.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064728.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ec3.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064729.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064730.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ef8.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064731.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.148656
[INFO] The file was moved to '47d76921.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064732.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '47d7691c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064733.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6ec5.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064734.exe
[DETECTION] Is the Trojan horse TR/StartPage.NK.3
[INFO] The file was moved to '46bf6efa.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064735.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.JV
[INFO] The file was moved to '47d76923.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064736.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.169472
[INFO] The file was moved to '46bf6efc.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064737.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Webdor.P Backdoor server programs
[INFO] The file was moved to '47d7691e.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064738.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.QD
[INFO] The file was moved to '46bf6ec7.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0064739.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.QD
[INFO] The file was moved to '47d76925.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065638.dll
[DETECTION] Is the Trojan horse TR/EliteBar.H.2
[INFO] The file was moved to '46bf6efe.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065646.exe
[DETECTION] Is the Trojan horse TR/EliteBar.H.1
[INFO] The file was moved to '47d76920.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065755.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d7692b.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065756.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6ef4.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065769.dll
[DETECTION] Is the Trojan horse TR/EliteBar.H.2
[INFO] The file was moved to '47d7692d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065774.exe
[DETECTION] Is the Trojan horse TR/EliteBar.H.1
[INFO] The file was moved to '46bf6ef6.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP114\A0065775.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.GD.1
[INFO] The file was moved to '47d7692f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065875.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/79728.A
[INFO] The file was moved to '47d7693f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065876.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/56696.A
[INFO] The file was moved to '47d76940.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065877.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '46bf6e99.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065879.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] The file was moved to '47d76941.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065881.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/78520.A
[INFO] The file was moved to '47d76942.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065882.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76943.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065883.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065884.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76944.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065885.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065886.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76946.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065887.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76945.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065888.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9e.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065889.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e9f.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065890.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76978.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065891.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6ea1.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065892.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76947.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065893.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e90.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065894.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76949.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065895.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '47d76948.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065896.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/000228
[INFO] The file was moved to '46bf6e91.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP124\A0065897.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/57896.A
[INFO] The file was moved to '46bf6e92.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP135\A0070166.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.105472.4
[INFO] The file was moved to '47d76a3c.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP135\A0070167.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.210944
[INFO] The file was moved to '47d76a3d.qua'!
C:\System Volume Information\_restore{097FA58F-1209-4999-BEA3-5CF721244C30}\RP142\A0070773.exe
[DETECTION] Is the Trojan horse TR/PSW.Delf.ZJ
[INFO] The file was moved to '47d76a72.qua'!
C:\temp\SearchRelevancy.exe
[DETECTION] Contains detection pattern of the dropper DR/Relevance.A
[INFO] The file was moved to '48086aaa.qua'!
Begin scan in 'D:\' <SYSTEM_SAV>
End of the scan: lundi 4 février 2008 21:26
Used time: 1:05:32 min
The scan has been done completely.
2171 Scanning directories
147698 Files were scanned
84 viruses and/or unwanted programs were found
6 Files were classified as suspicious:
0 files were deleted
0 files were repaired
90 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
147614 Files not concerned
6502 Archives were scanned
2 Warnings
0 Notes
au revoir bey
Bonsoir,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
slt !! dsl mais je n'ai pas pu repondre plus tot /
alor apres le avoir lancer le processus de nettoyage en cliquant sur runthis.cmd j'ai plusieur dossier :
apps
backupreg
backups
attrib
find
findstr
regedit
testned0
testnotif
testnotif1
testnotif3
mais pas de dossier report.terxt.
kan a hijackthis il plante avant que j'ai pu enregistrer le log
alor apres le avoir lancer le processus de nettoyage en cliquant sur runthis.cmd j'ai plusieur dossier :
apps
backupreg
backups
attrib
find
findstr
regedit
testned0
testnotif
testnotif1
testnotif3
mais pas de dossier report.terxt.
kan a hijackthis il plante avant que j'ai pu enregistrer le log
