
Posted
• run an AntiVir scan, since you have uninstalled VirusTruc, and post its report.

• give me a proper HJT report, with no skipped|missing lines. ;o)

Did I leave out some lines?

I did copy and paste it, though...

OK for the scan and the report.

For the HJT, do I need to close Firefox before running it or not?

Posted (edited)
look at this one, for example:

http://forum.zebulon.fr/index.php?showtopi...t&p=1189936

**the report is solid! with no line running over; look in your Notepad under \Format\ and tick Word Wrap.......

present yours the same way ;o)

It's better to close all running apps|programs... before running an HJT

So, I've done what was needed as far as presentation goes...

Here is the Avira report.

AntiVir PersonalEdition Classic

Report file date: dimanche 9 mars 2008 20:08

 

Scanning for 835736 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows 2000

Windows version: (Service Pack 4) [5.0.2195]

Username: EKAdmin

Computer name: patwlc5528

 

Version information:

BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 14:26:55

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 9/13/2007 14:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 9/13/2007 14:27:13

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 9/17/2007 17:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: dimanche 9 mars 2008 20:08

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned

Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned

Scan process 'RCSERV.EXE' - '1' Module(s) have been scanned

Scan process 'mstask.exe' - '1' Module(s) have been scanned

Scan process 'hidserv.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'a2service.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

26 processes with 26 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '5' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <LOCALDISK>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip

[DETECTION] Contains suspicious code HEUR/PwdZIP

[INFO] The file was moved to '483d38bf.qua'!

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\YH0QJAWY\installer[1].exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.79360

[INFO] The file was moved to '484738cd.qua'!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\D2htls32.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Descr.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\elogger.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\elogger.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\elogsvc.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Licwiz.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Lnq.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Ndfedit.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nerrors.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\ninfo.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\niu.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\niulang.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Njeeves.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Njev_Npt.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Njev_Pwr.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Noemrc.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Npipe.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Npt.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptbin.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptevlg2.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptndesk.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptndpip.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptpipx.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptpop.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptsms.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptsmtp.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptsnmp.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nptxmit.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\nren.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\NupdEx.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvccf.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvccf0.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvccf0f.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvccf0g.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvccf0h.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvccf0o.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvccf0q.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Nvcevlog.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\nwscl.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\PsapiNT4.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Zanda.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Zlh.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Zlhapi.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\npm\bin\Zlh_npm.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nse\Bin\ncl.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nse\Bin\Ncm.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nse\Bin\Ndiskio.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nse\Bin\Nse.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nse\Bin\Nse_w32.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nse\Bin\zlh_nse.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\CClaw.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Delnvc5.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Ndlg.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nfshook.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nip.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Niphk.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Njev_nfo.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nlog5.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Noemrc.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Npipe.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\NupdEx.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcc.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvccf0A.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvccf0B.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvccf0C.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvccf0D.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvccf0E.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvccf0I.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvccx.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcevlog.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcfsr.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcioctl.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcmflt.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoa.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoafl4.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoafl5.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoafl51.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoaft4.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoaft5.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoaft51.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoarc4.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoarc5.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoarc51.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoas.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcod.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcodrc.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcsched.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcse.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcte.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcte0.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcte0A.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0A.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0B.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0E.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcv32mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcv64mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcw32mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcw64mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zanda.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zlh.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zlhapi.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zlh_nvc.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\D2htls32.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\Njev_Qtn.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\nqtn.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\nqtn.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\Nvccf0p.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\zlh_qtn.dll

[WARNING] The file could not be opened!

Begin scan in 'D:\'

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: dimanche 9 mars 2008 21:55

Used time: 1:46:24 min

 

The scan has been done completely.

 

4023 Scanning directories

1229125 Files were scanned

1 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

2 files were moved to quarantine

0 files were renamed

111 Files cannot be scanned

1229124 Files not concerned

4587 Archives were scanned

111 Warnings

0 Notes

 

 

I'll post the HJT report next.

By the way, what's the weather like in BeZeh?

Edited by Digger
Posted

And here is the HJT report...

 

 


[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoafl5.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoafl51.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoaft4.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoaft5.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoaft51.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoarc4.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoarc5.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoarc51.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcoas.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcod.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcodrc.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcsched.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcse.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcte.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcte0.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcte0A.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0A.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0B.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Nvcut0E.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcv32mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcv64mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcw32mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\nvcw64mf.sys

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zanda.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zlh.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zlhapi.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Nvc\Bin\Zlh_nvc.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\D2htls32.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\Njev_Qtn.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\nqtn.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\nqtn.exe

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\Nvccf0p.dll

[WARNING] The file could not be opened!

C:\RECYCLER\S-1-5-21-295725379-573063237-2090404751-500\Dc9\Qtn\Bin\zlh_qtn.dll

[WARNING] The file could not be opened!

Begin scan in 'D:\'

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: dimanche 9 mars 2008 21:55

Used time: 1:46:24 min

 

The scan has been done completely.

 

4023 Scanning directories

1229125 Files were scanned

1 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

2 files were moved to quarantine

0 files were renamed

111 Files cannot be scanned

1229124 Files not concerned

4587 Archives were scanned

111 Warnings

0 Notes

 

I rather like the "virus truc" remark...!

Posted (edited)
Yes Madame!!!

 

:P

There we go, recycle bin emptied, quarantine too.

Result:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:44:57, on 10/03/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\ibmpmsvc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\system32\hidserv.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\RCSERV.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://home.kodak.com/categories/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.google.fr/

R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL = http://home.kodak.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =Microsoft Internet Explorer provided by Eastman Kodak

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings,AutoConfigURL = http://proxy.kodak.com:81/proxy.pac

R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {2B937E95-F9A9-D620-E5AE-001B0F1D0089} -(no file)

O2 - BHO: (no name) - {33FE8D24-899D-4413-BFDC-7FCA165C35DF} -(no file)

O2 - BHO: Spybot-S&D IE Protection -{53707962-6F74-2D53-2644-206D7942484F} - C:\ProgramFiles\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: (no name) - {76E3BB9E-124A-4077-8A61-8C00FA112689} -(no file)

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVirPersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\ProgramFiles\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [E:\] C:\Program Files\Spybot - Search &Destroy\TeaTimer.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Defaultuser')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\ProgramFiles\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User'Defaultuser')

O4 - .DEFAULT Startup: ieproxychk.bat (User 'Default user')

O4 - .DEFAULT Startup: userdata.bat (User 'Default user')

O4 - .DEFAULT User Startup: ieproxychk.bat (User 'Default user')

O4 - .DEFAULT User Startup: userdata.bat (User 'Default user')

O4 - Global Startup: Collect Most Frequent Userid.lnk.disabled

O4 - Global Startup: McAfee Desktop Firewall Tray.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictionspresent

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\ControlPanel present

O9 - Extra button: (no name) -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ProgramFiles\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ProgramFiles\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite -{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) -{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... -{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a}- C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links -{c95fe080-8f5d-11d2-a20b-00aa003c157a} -C:\WINNT\web\related.htm

O9 - Extra button: (no name) -{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ProgramFiles\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration -{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ProgramFiles\Spybot - Search&Destroy\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://home.kodak.com

O15 - Trusted Zone: http://www.chemicaldata.com

O15 - Trusted Zone: http://www.ctadvantage.com

O15 - Trusted Zone: http://rj.culturainglesaonline.com

O15 - Trusted Zone: http://ehlfod41.eloquent.com

O15 - Trusted Zone: http://helpcenter.eloquent.com

O15 - Trusted Zone: http://www.ibm.com

O15 - Trusted Zone: http://www.masconnexion.com

O15 - Trusted Zone: http://www.progressivesecure.co.nz

O15 - Trusted Zone: http://www.chemicaldata.com (HKLM)

O15 - Trusted Zone: http://www.ctadvantage.com (HKLM)

O15 - Trusted Zone: http://rj.culturainglesaonline.com (HKLM)

O15 - Trusted Zone: http://ehlfod41.eloquent.com (HKLM)

O15 - Trusted Zone: http://helpcenter.eloquent.com (HKLM)

O15 - Trusted Zone: http://www.ibm.com (HKLM)

O15 - Trusted Zone: http://www.masconnexion.com (HKLM)

O15 - Trusted Zone: http://www.progressivesecure.co.nz (HKLM)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =fr.kodak.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =fr.kodak.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =fr.kodak.com

O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} -(no file)

O21 - SSODL: ryrnIRTumoBEcS -{D08465A7-7A2E-CF0D-4440-B0FEB1D835A5} - (no file)

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - EmsiSoftware GmbH - C:\Program Files\a-squaredAnti-Malware\a2service.exe

O23 - Service: McAfee Alert Manager (AlertManager) - McAfee Divisionof Network Associates, Inc. - C:\Program Files\NetworkAssociates\Alert Manager\amgrsrvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVirPersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) -Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEditionClassic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner -C:\WINNT\System32\Ati2evxx.exe

O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner -C:\WINNT\system\dllhost.exe (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: EKInstaller (EKInst) - Unknown owner -C:\WINNT\SYSTEM32\srvany.exe (file missing)

O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. -C:\WINNT\System32\ibmpmsvc.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\ProgramFiles\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - EastmanKodak Company - C:\WINNT\system32\drivers\KodakCCS.exe

O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner -C:\apps\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) -McAfee, Inc. - C:\Program Files\Network Associates\CommonFramework\FrameworkService.exe

O23 - Service: Network Associates Task Manager (McTaskManager) -Network Associates, Inc. - C:\Program Files\NetworkAssociates\VirusScan\vstskmgr.exe

O23 - Service: Macromedia Updater (mmupdate) - Unknown owner -C:\WINNT\TEMP\C.tmp (file missing)

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner- C:\WINNT\system32\msasvc.exe (file missing)

O23 - Service: Microsoft Sata emulation (mside) - Unknown owner -C:\WINNT\system\mside.exe (file missing)

O23 - Service: Norman ZANDA - Unknown owner -C:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing)

O23 - Service: Norman Virus Control on-access component (nvcoas) -Unknown owner - C:\VIRUSfighter\Nvc\bin\nvcoas.exe (file missing)

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) -Unknown owner - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE (filemissing)

O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLISystems - C:\WINNT\RCSERV.EXE

O23 - Service: wsmv(wsmv) (wsmv) - Unknown owner -C:\WINNT\system32\wmsv.exe (file missing)

--

End of file - 8362 bytes

Edited by angelique
Posted

• run HJT again with "Do a system scan only", check only the following lines and click Fix checked:

 

O2 - BHO: (no name) - {2B937E95-F9A9-D620-E5AE-001B0F1D0089} -(no file)

O2 - BHO: (no name) - {33FE8D24-899D-4413-BFDC-7FCA165C35DF} -(no file)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: (no name) - {76E3BB9E-124A-4077-8A61-8C00FA112689} -(no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a}- C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links -{c95fe080-8f5d-11d2-a20b-00aa003c157a} -C:\WINNT\web\related.htm

O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} -(no file)

O21 - SSODL: ryrnIRTumoBEcS -{D08465A7-7A2E-CF0D-4440-B0FEB1D835A5} - (no file)

 

• Download OTMoveIt2 by OldTimer.

 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

 

* Save this file to the Desktop.

* Double-click OTMoveIt2.exe to launch the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)

* Copy the lines in the "Code" box below to the Clipboard by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):

C:\WINNT\web\related.htm
C:\Program Files\EoRezo

* Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.

* Copy the lines in the "Code" box below to the Clipboard by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):

EmptyTemp

* Go back to the OTMoveIt2 window, right-click in the "Paste Custom List Of Files/Patterns To Move" box (under the yellow bar) and choose Paste.

* Click the red Moveit! button.

* Copy everything in the Results box (under the green bar) to the Clipboard by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.

* Close OTMoveIt2

 

Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the C:\_OTMoveIt\MovedFiles folder, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

 

• Download SDFix (created by AndyManchesta) and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it to c:\SDFix.

 

Restart your computer in Safe Mode by following this procedure:

Restart in Safe Mode: as the computer restarts, immediately tap the F8 key repeatedly; a screen with a choice of startup options will appear. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

 

 

 

* Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to start the script.

* Press Y to begin the cleaning process.

* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

* Press any key to restart the PC.

* Your system will take longer than usual to restart because the tool will keep running and deleting files. (let it run without touching anything!!)

* After the Desktop has loaded, the tool will finish its work and display Finished.

* Press any key to finish running the script and load your Desktop icons. (don't touch anything!! let it work)

* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

* Finally, copy/paste the contents of Report.txt into your next reply on the forum

 

• Download a script file named ListOrphanservices.vbs from this address: http://windowsxp.mvps.org/reg/ListOrphanservices.vbs.

Double-click this file to start detecting orphaned services.

A Notepad document opens automatically with this kind of content:

Services with missing ImagePath value, post the contents.

Posted

I did what was needed for HJT.

But there is no way to download Oldtimer.

I tried several times with this link and others, and the answer is invariably: page load error...

What should I do?
